Skip to content

Privacy Policy

I. Policy Details

    Southern Oncology Clinical Research Unit (“we”, “us”, “our”) is committed to protecting the privacy and confidentiality of personal information in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and the South Australian Health Care Act 2008 where applicable.

    This Privacy Policy outlines how we collect, use, store, and disclose personal information obtained through our website and related services.

    II. Scope

    This Privacy Policy applies to all personal information collected by Southern Oncology Clinical Research Unit through our website and in connection with our clinical trial activities.

    It covers how we collect, use, store, and disclose information from:

    • Patients, healthcare providers, sponsors, and collaborators.
    • Visitors to our website or users of our online forms.
    • Anyone contacting or engaging with us.

    It also applies to all staff, contractors, volunteers, and others involved in our clinical trial operations, regardless of employment status. These individuals are required to handle personal information in accordance with this policy and applicable privacy laws.

    III. Definitions

    For the purposes of this Privacy Policy, the following terms are used:

    Data Controller: The individual or organisation (in this case, Southern Oncology Clinical Research Unit) that determines how and why personal information is collected and processed. As the Data Controller, we are responsible for managing, storing, and using your personal information.

    Data Processor: A third-party entity that processes personal information on behalf of the Data Controller, under strict instructions and applicable legal obligations. This may include IT service providers, data hosting platforms, or clinical research partners.

    Personal Information (also referred to as Personal Data): Information or an opinion about an identified individual, or an individual who is reasonably identifiable. This can include, but is not limited to, a person’s name, address, email, phone number, date of birth, medical records, and any opinions or commentary about them (whether true or not), and whether recorded or not.

    Sensitive Information: A special category of personal information that includes health and medical data (including genetic and biometric information), as well as details about a person’s racial or ethnic origin, religious beliefs, political opinions, sexual orientation or practices, criminal history, or membership in professional or trade associations.

    Note: For the purposes of this policy, the term “Personal Information” includes “Sensitive Information” unless otherwise stated.

    Unsolicited Personal Information: Personal information that is received without being actively collected by us, such as when information is sent to us by mistake (e.g. via a misdirected email). If such information is received, we will determine whether it is necessary to retain it. If not, we will securely delete or de-identify it in line with our legal obligations.

    IV. Information We Collect

    The type of personal information we collect depends on your relationship with Southern Oncology Clinical Research Unit, and is limited to what is necessary to support our clinical trial activities, operations, and compliance with legal and ethical requirements.

    For clinical trial participants or patients, personal and sensitive information may be collected in the following ways:

    • With informed consent, as part of an expression of interest or eligibility screening for a clinical trial
    • Via referral from a treating doctor, specialist, or healthcare provider
    • Through direct submission via our website, such as by completing an enquiry or registration form

    This information may include:

    • Contact details (e.g. name, address, email, phone number)
    • Date of birth and gender
    • Medicare and private health insurance details
    • Health and medical history (past and current conditions)
    • Family medical history
    • Culturally sensitive information (e.g. racial or ethnic origin)
    • Lifestyle information (e.g. smoking, alcohol, or drug use)
    • Physiological measurements (e.g. height, weight, blood pressure)
    • Bank account details for reimbursement purposes (if applicable)

    Any information submitted through our website, such as contact forms or trial interest enquiries, will be stored securely and used to contact you regarding your enquiry or potential participation in a clinical trial. We will not collect health or sensitive information online without your knowledge and consent.

    We may also collect limited personal information from:

    • Clients and sponsors, including name, company details, professional contact information
    • Suppliers and service providers, such as business records, qualifications, billing details, and professional contact information
    • Job applicants, including resumes, qualifications, employment history, and visa-related information (if applicable)
    • Employees, including personal and employment details, tax and banking information, medical history (if relevant), training records, and visa documentation where required

    We only collect personal information that is necessary for our work and will handle it in accordance with applicable privacy laws. If we receive unsolicited personal information (e.g. via a misdirected email), we will assess whether it should be retained or securely destroyed in line with our obligations under the Privacy Act 1988 (Cth).

    V. How We Use Personal Information

    At Southern Oncology Clinical Research Unit, we collect, hold, and use personal information only where it is reasonably necessary to support our clinical, research, operational, and legal functions.

    Examples of how we may use your personal information include:

    • To conduct and support clinical trials and medical research, including the development of medicines, medical devices, and procedures aimed at improving healthcare outcomes
    • To provide patients with information about participating in a clinical trial and assess their eligibility
    • To support the delivery of safe and coordinated patient care throughout the clinical trial process
    • To manage relationships with sponsors, clients, vendors, and service providers
    • To administer and deliver client services
    • To promote and communicate our services, or those of selected third-party collaborators, where appropriate and permitted
    • To manage employment-related activities, including recruitment, onboarding, training, and internal HR processes
    • To assess applications from potential employees, contractors, or consultants
    • To comply with all legal, regulatory, and ethical obligations relevant to clinical research and healthcare

    We may also use your personal information for directly related purposes that you would reasonably expect, or for other uses where you have provided your consent, or where such use is otherwise authorised by law.

    We take reasonable steps to ensure that personal information is accurate, relevant, and limited to what is necessary for the intended purpose. While you are not required to provide your personal information, choosing not to may limit our ability to respond to your enquiry or offer our services, including access to clinical trial opportunities.

    VI. Disclosure of Personal Information

    We only disclose personal information for the purpose it was collected, or for a directly related purpose that a person would reasonably expect. In most cases, this means we will only share information in line with how it’s outlined in the V. How We Use Personal Information section of this policy.

    Disclosures may include sharing personal information with third parties who have a clear operational need, legal authority, or where the individual has provided consent.

    These parties may include:

    • Clinical trial sponsors
    • Vendors or service providers involved in clinical trial data processing
    • Regulatory authorities (such as the TGA or other government agencies)
    • Human Research Ethics Committees (HRECs) involved in trial oversight
    • Professional advisors and auditors, including legal, financial, or compliance consultants
    • Insurance providers, where required
    • Contractors and consultants, where necessary to carry out operational tasks
    • Parties involved in a potential business merger, acquisition, or restructure
    • Regulatory bodies such as the Office of the Australian Information Commissioner (OAIC), the Australian Taxation Office (ATO), or law enforcement, where required by law

    Where appropriate, we take steps to de-identify or pseudonymise personal information before disclosure (for example, by using participant ID codes in place of names) especially when identifiable information is not essential to the purpose of sharing.

    All disclosures are made on a confidential basis and in accordance with applicable privacy laws and ethical requirements.

    Overseas Disclosures

    In some cases, we may need to disclose personal information to trusted recipients located outside of Australia. These disclosures may be made to:

    • International research collaborators
    • Sponsors headquartered overseas
    • Technology providers that store or process data in overseas data centres

    These recipients may be located in North America, Europe, Asia, or other regions.

    We take reasonable steps to ensure that any overseas recipient either:

    • Complies with the Australian Privacy Principles (APPs), or
    • Is subject to a data protection framework that offers comparable privacy protections, unless
    • You have given your informed consent, or
    • The disclosure is otherwise required or authorised by law

    Where possible, personal information will be de-identified before it is sent overseas.

    If you have questions or concerns about how your information may be shared internationally, please contact us.

    VII. Security and Integrity of Personal Information

    At Southern Oncology Clinical Research Unit, we take all reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access, modification, or disclosure. Personal information is stored securely in both electronic and hard copy formats, accessible only to authorised staff within secure premises and protected databases.

    When personal information is no longer required, we will securely destroy, anonymise, or return it unless we are legally obliged to retain it.

    VIII. Privacy Data Breaches

    We maintain strict security measures and require third-party service providers handling personal information on our behalf to do the same. Should a data breach occur, we will promptly act to mitigate any harm, document the breach, and comply with all relevant legal requirements, including notifying affected individuals if there is a high risk of harm.

    If we receive unsolicited personal information that we could not have lawfully collected, we will securely destroy it.

    IX. Access and Correction of Personal Information

    We strive to ensure your personal information is accurate, complete, and up-to-date. Under the Privacy Act 1988 (Cth), you have the right to:

    • Access the personal information we hold about you
    • Request corrections to that information

    To make a request, please contact us. For your security, you will be asked to provide proof of identity. Please be as specific as possible about the information you wish to access or correct.

    If we deny your request, we will provide written reasons and information on how to make a complaint. We will also work with you to provide access in a way that suits your needs while protecting the privacy of others.

    You may also request deletion or object to the processing of your personal information. However, for clinical trial participants, data collected prior to withdrawal of consent will be retained and processed in accordance with regulatory requirements and the consent documentation you agreed to.

    We aim to respond to access or correction requests within 30 days. Third-party processors are required to notify us promptly of any requests they receive regarding your personal data.

    IX. Complaints

    If you have any concerns or complaints about how your personal information is handled, please contact us.

    We take all privacy complaints seriously and will:

    • Address them promptly
    • Handle them confidentially
    • Manage the process without affecting your existing obligations or business relationships with us

    Our team will investigate your complaint and keep you informed of the outcome. If you remain dissatisfied, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).