The Gastroenterological Society of Australia (GESA) is committed to protecting the privacy of the Personal Information it collects and receives. This policy has been developed in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
This policy outlines our ongoing obligations to you in respect of how we manage your Personal Information and explains how we collect, use, disclose and otherwise handle Personal Information relating to individuals, whether or not they are members of GESA. It also explains how you can ask to access and correct the Personal Information we hold about you or complain about any suspected privacy breach. Nothing in this policy limits any of our other obligations at law.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. We are required to collect Personal Information only by lawful and fair means.
Personal Information we collect and hold may include:-
We may request from you additional information we require to provide our services to you, or to allow the organisation you work for to provide GESA with services. Further information may be collected with your consent in specific instances as disclosed to you.
When GESA collects Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it and will tell you the purposes for which we are collecting the information.
Where reasonable and practicable to do so we will collect your Personal Information only and directly from you. However in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Your Personal Information held by GESA will not be used or disclosed by us, except as authorised by you or as is reasonably necessary for the purposes outlined to you.
Should you choose not to provide Personal Information we may not be able to provide you with the services you require or we may not be able to provide you with the required services to a level that we regard as best practice.
The Personal Information we may collect is obtained in many ways including:-
We collect your Personal Information for the primary purpose of providing our services to you and to provide information to relevant third parties e.g. the general public. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
Additionally, GESA may use Personal Information to:
Patient Identification Information
If you provide any patient information to us it is your responsibility to ensure that all patient privacy obligations are met and that any necessary patient consent has been obtained first. Only anonymous patient information should be provided to GESA. If any patient identification information is included in the data you provide to us it is your responsibility to ensure that you address this issue with your patient and that their consent has been obtained. You may also need to check that the privacy requirements of your practice or institution do not conflict with or limit this requirement.
While all patient information provided to GESA should be anonymous we strive to manage all patient information we hold in a manner fully consistent with the accepted standard for storage of medical records in Australia.
CCRTGE and Colonoscopy Recertification Programs
Use of Data for Research Purposes
The Research Committee and GESA Board may from time to time approve the use of aggregate and anonymous data to be used for research purposes. These research projects must align with the intent and purpose of the Society.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only where it is reasonably necessary for our core functions and/or activities for example:
Information stored locally on your computer
Your use of our websites is taken to mean that you consent to and acknowledge that we collect your Personal Information through cookies or any other local storage used by GESA or third party services such as Google Analytics.
Collecting Information about your use of this website
When a person visits a GESA website a record of their visit may be logged and the following information recorded for statistical, quality or maintenance purposes:-
Many of the GESA websites have Google Analytics enabled. Google Analytics provides general information about the use of our websites including how often web pages are visited and what, if any, links are clicked or files downloaded.
None of the above data is linked to any individual user, even where a login is required.
Disclosure of Personal Information
Your Personal Information may be used by us or our associates and disclosed in a number of circumstances, including the following:-
In providing our offerings and services, or collecting and using your Personal Information, your Personal Information may be disclosed to third party organisations including:-
Where GESA discloses Personal Information to its agents or sub-contractors for these purposes the agent or sub-contractor will be obliged to use that Personal Information in accordance with the terms of this privacy statement.
In such a case we will take reasonable steps to ensure that you are made aware of the information disclosed to the third party and:-
In addition to the disclosures reasonably necessary for the purposes identified above, GESA may disclose Personal Information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend its legal rights.
Request for information
GESA does not disclose personal information to third parties. Exceptions to this policy are research requests where aggregate and anonymous data may be provided to a third party. Requests must be in writing to "email@example.com", contain the intent and length of use and a data management plan which must include the arrangements for destruction of the data provided by GESA once the research is concluded.. Approval is only considered for research purposes and non-commercial use. All requests will be presented to the Board and possibly the Research Committee for review before approval or access is granted.
Cross-border Data Transfers
In addition, any Personal Information submitted to the website with the understanding that it will be used for publication on the website may be published on the internet and may, therefore, be publicly available.
Any Personal Information submitted for publication implies agreement to cross-border transfers of Personal Information.
Unsolicited Personal Information is Personal Information we receive that we have taken no active steps to collect. If the information we receive is not required for GESA to perform one or more of our services or activities, we will destroy the information as soon as practicable.
Maintaining the Quality of your Personal Information
GESA takes reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, complete and up-to-date. However, the accuracy of that information depends to a large extent on the information you provide. It is an important to us that your Personal Information is up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you. We recommend that you let us know if there are any errors in your Personal Information and that you keep us updated with changes to your information.
Security and Disposal of Personal Information
GESA takes reasonable steps to protect any of your Personal Information that we hold. Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of seven years.
You can also help to protect the privacy of your Personal Information by keeping passwords secret and by ensuring that you log out of the website when you have completed your transaction. If you become aware of any security breach please contact GESA head office as soon as possible.
Securing Your Data
GESA will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of Personal Information.
GESA will store all the Personal Information provided on secure servers.
Information relating to electronic transactions entered via this website will be protected by encryption technology.
Access to your Personal Information
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions as allowed by law. If you wish to access your Personal Information please contact us in writing. We will assess your request and provide you with a response, usually within ten working days.
GESA will not charge any fee for your access request, however, we may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information we may require identification from you before releasing the requested information.
If we refuse your request, or if we refuse to give you access in the manner you request, GESA’s policy is to provide you with written confirmation of the reasons for our refusal and the available complaint process.
Members can access and update their contact details by logging in to the member-only area of the GESA website. For any Personal Information that cannot be accessed and corrected through the GESA website please contact us using the contact information on the 'Contact' page of this website.
You may opt out of receiving our marketing, advertising and promotional notices, offers and communications by emailing us at the email address listed on the 'Contact' page of this website, or by following the ‘unsubscribe’ link in our email communication campaigns.
Policy Updates and Variations
This policy may be changed (varied or updated) from time to time in accordance with any legislative changes, changes to our practices or changes to the way we collect, use and disclose any Personal Information.
We will endeavour to deal with your complaint and take any steps necessary to resolve the matter promptly, usually within ten business days.
If your complaint is unable to be resolved within ten business days we will advise you in writing to let you know when we expect to provide our response.
If you are not satisfied with our response you can refer your complaint to the Office of the Australian Information Commissioner whose contact details can be found at https://www.oaic.gov.au/about-us/contact-us