The Gene Council
ABN: 89 790 976 284
Updated: 10 May 2019
The Gene Council is a genetic testing and consultancy service based in Perth, Australia that provides genetic testing, counselling, information, advice and consultancy services including via its website at https://www.thegenecouncil.com.au/.
Our privacy commitment
What is personal information?
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
This includes information such as name, date of birth, gender, contact information, credit/debit card information, health information and other information about your history with, or relationship to cancer.
How does The Gene Council collect your personal information?
How we collect your information In order to provide you with service, we may collect your information in person, through our website (for example, when you book an appointment online), during phone or video calls, by email, via social media, or via other enquiries or communications.
Generally, we collect your information directly from you but we may also obtain personal information from third parties such as your health professionals, or your blood relatives (if they are also clients of our service). If we collect information about you from a third party, we will take reasonable steps to maintain the confidentiality your personal information. We also comply with any additional obligations arising under the Australian Privacy Laws. We will only collect your personal information from someone else if we have your consent, or if it is authorised or required by law, or if it is not reasonable or practical to collect that information from you.
Participation in any research studies with ethics approval from an Australian Human Research Ethics Committee (HREC) may have additional obligations in relation to collection of personal information. Such projects will comply with the conditions of the ethics approval by the relevant HREC.
What information does The Gene Council collect?
We may collect your name, phone number, email, mailing address, medical history, age, sex, gender, current medications, preferences and interests, and other information relevant to providing you with service. We may also collect your bank or credit card details for payment purposes.
As part of administering The Gene Council’s services, we collect health information and other sensitive information. For example, we will collect medical history information from you. Sensitive information is defined by law as the following type of information: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or associations; philosophical beliefs; memberships; sexual orientation; genetic information; biometric information; biometric templates.
Why does The Gene Council need your information?
We will only collect the information necessary to deliver a service to you, or where it is required for research purposes and you have specifically consented to the collection of that information. This includes facilitating genetic testing, providing genetic or medical assessments and treatment management advice, internal record keeping, communicating with you about our services, creating and updating our database(s) and other records, ensuring compliance with our contractual and other legal obligations to you, and administering our relationship with you by responding to your enquiries. You are free to provide (or not provide) any information you choose. However, if you do not provide us with your information we may not be able to carry out some or all of these activities, and may not be able to provide you with services or accurate information.
How does The Gene Council use or disclose your information?
By submitting your information to us, you consent to us using or disclosing your information for:
(a) providing you with services and facilitating the provision third party services (for example, laboratory services);
(b) any purpose related to providing you with services that could be reasonably anticipated at the time your information was collected
(c) any purpose to which you otherwise consent (including as disclosed to you in an information collection statement at the point where we collect your information); and
(d) any other purpose required or authorised by law (including the Australian Privacy Laws).
We may disclose your information to our partners, suppliers and distributors in order to assist us in providing services to you. Some of our service providers (including some of the labs that we use for genetic and other testing), or the services they provide (like cloud storage services), may be based outside Australia. In order to protect your information, we take care where possible to work with service providers who we consider maintain acceptable standards of data security compliance, and we do our part to meet those standards as they apply to us. By providing us with your information, you consent to your information being used, stored and disclosed overseas (and acknowledge that no additional obligations that may apply to the overseas disclosure of personal information under Australian Privacy Laws will apply).
We may use non-personally identifiable information (such as anonymous usage data, IP addresses, browser or platform type etc.) to improve the quality, design and delivery of our services by storing, tracking, analysing and processing user preferences and trends as well as user activity and communications.
We may also disclose your information in other ways with your consent or to any other party where we are authorised or required to do so by law (including the Australian Privacy Laws).
We take all reasonable steps to keep your information secure and to ensure it is protected against misuse, loss, unauthorised access, modification or inappropriate disclosure.
We may need to disclose your personal information to others in order to provide you with service. This may include:
- External support services: to health care professionals, lawyers, other professionals, counsellors, service providers, agencies and not-for-profits that provide you with healthcare or support services.
- Researchers: to conduct research studies to the causes of cancer, as well as diagnosis, treatment and cures.
- Contractors and service providers: who perform services on our behalf, such as laboratories and pathology providers (for your genetic testing).
Where is your personal information stored?
Your personal information will be stored on the Halaxy online health practice management software platform. Data is backed up daily and protected by 256-bit bank grade security and encryption. Data is secure at rest and in transit and is stored safely here in Australia. Your personal information is encrypted and access to The Gene Council’s Halaxy account is restricted to authorised staff only.
Your payment information is managed and stored by Halaxy’s payment gateway BrainTree, a validated Level 1 PCI DSS compliant service provider. As a security measure, card details are stored and tokenised through BrainTree and not stored by Halaxy directly. This means that once entered and captured, card details are not visible to anybody within the practice or at Halaxy and cannot be retrieved by Halaxy.
Other data may temporarily be stored on our dedicated server, based in Australia. Backups of electronic information are stored with a third party provider of secure archiving services. We are a paperless service, and any hard copies are destroyed after being stored electronically.
Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.
Managing your personal information
If you require access to, or wish to update your personal information, please contact us at email@example.com.
You are responsible for ensuring that your information is accurate, current and complete and we encourage you to contact us to update your information if it changes. You may ask us to update or delete the personal information we hold about you at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out- of-date, incomplete, irrelevant or misleading for the purpose for which it is held.
You may ask us to access your information in accordance with Australian Privacy Laws (as applicable), including by asking us to provide you with a summary of your information that we hold. For your protection, we may require you to confirm your identity before access to your information is granted. In most cases, we can provide you with a summary of your information free of charge. However, in some circumstances, reasonable costs may be charged to you in accessing your information in accordance with and subject to the Australian Privacy Laws.
Your rights to access personal information are not absolute and in certain circumstances, privacy laws dictate that we are not required to grant access such as:
- access would pose a serious threat to the life, safety or health of any individual or to public health or public safety
- access would have an unreasonable impact on the privacy of other individuals
the request is frivolous or vexatious
- denying access is required or authorised by a law or a court or tribunal order
access would be unlawful, or
- access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.
Participants in research studies should note that access to personal information such as DNA sequences is not generally granted. This is notified to participants where applicable, at the time of committing to the research study.
Website usage and cookies
A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance. You can also opt out of Google Analytics by clicking on Ad Settings.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally. When you visit our website, the server may attach a “cookie” to your computer’s memory. A “cookie” assists us to store information about how you use our website and to make assumptions about what information may be of most interest to you. This information is generally not linked to your identity. We may use knowledge of your user experience to better understand what products or services may be of interest to you and to collect statistical information.
If you have a question or concern about how we handle your information please contact us. We will review any question, complaint or concern you may have and will endeavour to investigate and resolve complaints within 30 days. Please note, we may require further information from you in order to resolve any complaints. If we need more time, we will notify you about the reasons for the delay and seek to agree a longer period with you (if you do not agree, we may not be able to resolve your complaint). If we cannot resolve a complaint related to your privacy information, you may contact the Office of the Australian Information Commissioner (“OAIC”) directly.