GESA Privacy Policy

The Gastroenterological Society of Australia (GESA) is committed to protecting the privacy of the Personal Information it collects and receives. This policy has been developed in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.

This policy outlines our ongoing obligations to you in respect of how we manage your Personal Information and explains how we collect, use, disclose and otherwise handle Personal Information relating to individuals, whether or not they are members of GESA. It also explains how you can ask to access and correct the Personal Information we hold about you or complain about any suspected privacy breach. Nothing in this policy limits any of our other obligations at law.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au

 

What is Personal Information and why do we collect it?

Personal Information is information or an opinion that identifies an individual. We are required to collect Personal Information only by lawful and fair means.

Personal Information we collect and hold may include:-

  • your name(s), date of birth, gender, postal address(es), email addresses, telephone and facsimile numbers;
  • your employer and employment details;
  • your education and other qualifications and certifications;
  • your preferences;
  • your interests or
  • other information relevant to your membership or potential membership with GESA or your participation in GESA-managed programs.

We may request from you additional information we require to provide our services to you, or to allow the organisation you work for to provide GESA with services. Further information may be collected with your consent in specific instances as disclosed to you.

When GESA collects Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it and will tell you the purposes for which we are collecting the information.

Where reasonable and practicable to do so we will collect your Personal Information only and directly from you. However in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Your Personal Information held by GESA will not be used or disclosed by us, except as authorised by you or as is reasonably necessary for the purposes outlined to you.

Should you choose not to provide Personal Information we may not be able to provide you with the services you require or we may not be able to provide you with the required services to a level that we regard as best practice.

 

Data Collection

The Personal Information we may collect is obtained in many ways including:-

  • from information supplied by you in conversation or communications with you or your colleagues, employees or employer;
  • interviews;
  • correspondence;
  • by telephone or facsimile;
  • by email;
  • via our websites;
  • from your website;
  • from media or publications;
  • from other publicly available sources or
  • from third parties.

We collect your Personal Information for the primary purpose of providing our services to you and to provide information to relevant third parties e.g. the general public. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

Additionally, GESA may use Personal Information to:

  • maintain and update details for membership and website administration purposes;
  • administer the GESA website;
  • manage the usage of website resources;
  • enable your access to and use of the website services;
  • publish information about you on the website;
  • send products to you that you have requested or purchased using the website;
  • supply services or information that you have requested or purchased using the website;
  • send receipts or invoices;
  • collect payments;
  • conduct activities for quality and research purposes or
  • send marketing communications (you may unsubscribe from our mailing/marketing lists at any time by contacting us in writing).

 

Patient Identification Information

If you provide any patient information to us it is your responsibility to ensure that all patient privacy obligations are met and that any necessary patient consent has been obtained first. Only anonymous patient information should be provided to GESA. If any patient identification information is included in the data you provide to us it is your responsibility to ensure that you address this issue with your patient and that their consent has been obtained. You may also need to check that the privacy requirements of your practice or institution do not conflict with or limit this requirement.

While all patient information provided to GESA should be anonymous we strive to manage all patient information we hold in a manner fully consistent with the accepted standard for storage of medical records in Australia.

 

CCRTGE and Colonoscopy Recertification Programs

The CCRTGE and Colonoscopy Recertification programs collect information on patient procedures and practitioners. All data collected is treated according to the principles in this policy and is used only for the stated purposes of the programs. Participation in these programs is taken as consent by all participants, both practitioners and patients, to the terms of this privacy policy. Data may be used in GESA-approved research projects in an aggregated and anonymous form.

 

Use of Data for Research Purposes

The Research Committee and GESA Board may from time to time approve the use of aggregate and anonymous data to be used for research purposes. These research projects must align with the intent and purpose of the Society.

 

Sensitive Information

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only where it is reasonably necessary for our core functions and/or activities for example:

  • for the primary purpose for which it was obtained;
  • for a secondary purpose that is directly related to the primary purpose;
  • with your consent;
  • where required or authorised by law;
  • to interact with other professional associations with which we have reciprocal arrangements with your consent or
  • to collect dietary requirements for events and conferences.

 

Information stored locally on your computer

We (or a third party providing services to us, such as Google) may use cookies, pixel tags, “flash cookies”, or other local storage on your computer provided by your browser or associated software applications which may collect and store your Personal Information.

Your internet browser may be set to enable cookies. If you prefer not to allow the use of cookies on your computer you can adjust your internet browser settings to disable cookies. Disabling cookies may limit the functionality of websites that you visit.

Your use of our websites is taken to mean that you consent to and acknowledge that we collect your Personal Information through cookies or any other local storage used by GESA or third party services such as Google Analytics.

The GESA website may also include links to third party websites. GESA is not responsible for the privacy policies and practices or use of cookies of any third party website.

GESA websites are hosted by an online service provider which may change from time to time. Our service providers’ use of cookies is not covered by our Privacy Policy.

 

Collecting Information about your use of this website

When a person visits a GESA website a record of their visit may be logged and the following information recorded for statistical, quality or maintenance purposes:-

  • the date and time of the visit;
  • the address of the pages accessed and the documents downloaded and
  • the type and operating system of the device used to access the site.

Many of the GESA websites have Google Analytics enabled. Google Analytics provides general information about the use of our websites including how often web pages are visited and what, if any, links are clicked or files downloaded.

None of the above data is linked to any individual user, even where a login is required.

 

Disclosure of Personal Information

Your Personal Information may be used by us or our associates and disclosed in a number of circumstances, including the following:-

  • where required or authorised by law;
  • research purposes in an aggregated and anonymous form;
  • to provide products and services to you;
  • to collect payments and to administer your account;
  • to provide you with updated or new information about our offerings and services;
  • for the development of existing and new offerings and services;
  • to maintain and update our business infrastructure and systems and
  • to promote our other offerings and services to you.

In providing our offerings and services, or collecting and using your Personal Information, your Personal Information may be disclosed to third party organisations including:-

  • information technology service providers;
  • conference organisers;
  • printers and distributors of direct marketing material;
  • our legal, accounting, financial or other professional advisors;
  • regulatory, government and other authorities as required by law;
  • international bodies with which we have mutual recognition agreements;
  • members of GESA committees such as advisory committees;
  • our partners and sponsors to enable them to provide information about their products and services;
  • marketing and communications agencies or
  • mailing houses, freight or courier services.

Where GESA discloses Personal Information to its agents or sub-contractors for these purposes the agent or sub-contractor will be obliged to use that Personal Information in accordance with the terms of this privacy statement.

In such a case we will take reasonable steps to ensure that you are made aware of the information disclosed to the third party and:-

  • whether any of those third parties are located overseas and, if practicable to specify, the countries in which they are located and
  • how to access and correct Personal Information and make privacy complaints.

In addition to the disclosures reasonably necessary for the purposes identified above, GESA may disclose Personal Information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend its legal rights.

 

Request for information

GESA does not disclose personal information to third parties. Exceptions to this policy are research requests where aggregate and anonymous data may be provided to a third party. Requests must be in writing to "gesa@gesa.org.au", contain the intent and length of use and a data management plan which must include the arrangements for destruction of the data provided by GESA once the research is concluded.. Approval is only considered for research purposes and non-commercial use. All requests will be presented to the Board and possibly the Research Committee for review before approval or access is granted.

 

Cross-border Data Transfers

Information that GESA collects may be stored and processed in and transferred between any of the countries in which GESA operates to enable the use of the information in accordance with this privacy policy.

In addition, any Personal Information submitted to the website with the understanding that it will be used for publication on the website may be published on the internet and may, therefore, be publicly available.

Any Personal Information submitted for publication implies agreement to cross-border transfers of Personal Information.

 

Unsolicited information

Unsolicited Personal Information is Personal Information we receive that we have taken no active steps to collect. If the information we receive is not required for GESA to perform one or more of our services or activities, we will destroy the information as soon as practicable.

 

Maintaining the Quality of your Personal Information

GESA takes reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, complete and up-to-date. However, the accuracy of that information depends to a large extent on the information you provide. It is an important to us that your Personal Information is up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you. We recommend that you let us know if there are any errors in your Personal Information and that you keep us updated with changes to your information.

 

Security and Disposal of Personal Information

GESA takes reasonable steps to protect any of your Personal Information that we hold. Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of seven years.

You can also help to protect the privacy of your Personal Information by keeping passwords secret and by ensuring that you log out of the website when you have completed your transaction. If you become aware of any security breach please contact GESA head office as soon as possible.

 

Securing Your Data

GESA will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of Personal Information.

GESA will store all the Personal Information provided on secure servers.

Information relating to electronic transactions entered via this website will be protected by encryption technology.

 

Access to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions as allowed by law. If you wish to access your Personal Information please contact us in writing. We will assess your request and provide you with a response, usually within ten working days.

GESA will not charge any fee for your access request, however, we may charge an administrative fee for providing a copy of your Personal Information.

In order to protect your Personal Information we may require identification from you before releasing the requested information.

If we refuse your request, or if we refuse to give you access in the manner you request, GESA’s policy is to provide you with written confirmation of the reasons for our refusal and the available complaint process.

Members can access and update their contact details by logging in to the member-only area of the GESA website. For any Personal Information that cannot be accessed and corrected through the GESA website please contact us using the contact information on the 'Contact' page of this website.

 

Unsubscribing

You may opt out of receiving our marketing, advertising and promotional notices, offers and communications by emailing us at the email address listed on the 'Contact' page of this website, or by following the ‘unsubscribe’ link in our email communication campaigns.

 

Policy Updates and Variations

This policy may be changed (varied or updated) from time to time in accordance with any legislative changes, changes to our practices or changes to the way we collect, use and disclose any Personal Information.

 

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy or about how GESA has collected, stored or used your Personal Information please contact us using the contact information on the 'Contact' page of this website.

We will endeavour to deal with your complaint and take any steps necessary to resolve the matter promptly, usually within ten business days.

If your complaint is unable to be resolved within ten business days we will advise you in writing to let you know when we expect to provide our response.

If you are not satisfied with our response you can refer your complaint to the Office of the Australian Information Commissioner whose contact details can be found at https://www.oaic.gov.au/about-us/contact-us