Background Information
Scientia Clinical Research LTD (Scientia) collects, holds, uses, discloses and processes personal information (data)[1] related to clinical trial participants, patients, individuals registering on our study participant database, clients, suppliers, vendors and employees. The information collected by Scientia may be accessed by staff members or other individuals engaged by Scientia who may be required to use the information in the process of their standard clinical trial or business activities.
Scientia acts as a data controller in that we define how and why personal data is processed in order to provide services to our customers and to fulfil our business activities.
Scientia understands the importance of protecting the privacy of an individual’s personal information including the protection and security of health information obtained from clinical trial participants. Our data controlling and processing activities are regulated by national and applicable international privacy laws and by national and global industry specific regulations including but not limited to ICH Good Clinical Practice and Australian NHMRC National Statement.
This policy sets out how Scientia aims to protect the privacy of an individual’s personal information, their rights in relation to their personal information controlled by Scientia and the way Scientia collects, holds, uses, discloses and processes personal information.
In controlling and handling personal information, Scientia will comply with the Privacy Act 1988 (Cth) which includes the Australian Privacy Principles (APPs), and the Health Records and Information Privacy Act 2002 (NSW), which includes the Health Privacy Principles (HPPs). Scientia will comply with the APPs (in regard to all personal information) and the HPPs (in regard to all health information) and any other applicable privacy and data protection laws to the extent such laws apply to Scientia.
This policy applies to all Scientia employees and contractors (individuals or an entity) who have access to personal information that is handled and controlled by Scientia.
Data Controller – is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files.
Data Processor – processes personal data only on behalf of the controller usually an external third party.
Personal Information (Data) – means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.
Sensitive Information – is a type of personal information and includes but is not limited to information about an individual’s health (including predictive genetic information), racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, criminal record, biometric information that is to be used for certain purposes, biometric templates.
In this Policy reference to “Personal Information/Data” incudes the meaning of “Sensitive Information unless stated otherwise.
Unsolicited Personal Information – is information received by Scientia where the Scientia has taken no active step to collect the information. This usually happens by unauthorized disclosure of a third party (e.g. information send in a misdirected email).
Exempted from the requirements of the Privacy Act is the collection, holding, use or disclosure of personal information that is considered a Scientia employee record, which contains personal information related to the employment of an employee, and which is held by Scientia. These records may include the employee’s health information, information about the engagement, training, performance, termination, terms and conditions of the employment (Act 7B3).
Access and management of employee records is supervised and managed by Scientia’s CEO. Authorised Scientia employees who are working in a human resource capacity have access to employee record and ensure these records are handled in a confidential manner and only for purposes related to current or former employment relationship.
The kind of personal information Scientia may collect and hold depends on the nature of the individual’s relationship with Scentia. Examples include but are not limited to:
Clinical Trial Participant or Patient:
Client and Sponsors:
Supplier, Vendor and other Service Providers:
Candidate Seeking Employment:
Employee:
Generally, Scientia collects personal information directly from the individual, through an interaction or exchange in person or by way of telephone, facsimile, email or post, communication technologies (e.g. instant messaging, voice chat, file sharing platforms), or through completion of a form or questionnaire.
The use of Scientia’s website does not require to submit personal information, however, individuals interested in participating in a clinical study may complete an on-line registration to be contacted by Scientia staff and to be added to Scientia’s study participant database.
There may be occasions when Scientia collects personal information from other sources such as:
Generally, Scientia will only collect personal information from sources other than an individual if it is unreasonable or impracticable to collect the relevant personal information through direct contact.
Before or at the time, or if this is unreasonable or impractical as soon as feasible after personal information is collected, an individual is informed or made aware relevant privacy notices including but not limited to:
Scientia will obtain freely given consent from individuals to handle and process their information during the time the information is under control of Scienta. The ability to withdraw consent at any time unless required by law will be documented. Where personal information is directly provided by an individual to Scientia, and the individual was provided with a relevant privacy notice at the time of collection, consent will be inferred.
Specific informed consent to process sensitive information is required from clinical trial participants and described in detail in the Participant Information and Consent Form (PICF).
The purpose for which Scientia collects, holds, uses and discloses Personal Information (refer to Section 5 for more details) where it is reasonably necessary includes but is not limited to:
Scientia may also use personal information for purposes related to the above purposes and for which one would reasonably expect Scientia to do so in the circumstances, or where an individual has consented or the use is otherwise in accordance with law.
Where personal information is used or disclosed, Scientia takes steps reasonable in the circumstances to ensure it is relevant to the purpose for which it is to be used or disclosed. Individuals are under no obligation to provide their personal information to Scientia. However, without certain information, Scientia may not be able to provide its services.
Scientia discloses an individual’s personal information for the purpose for which Scientia collects it. That is, generally, Scientia will only disclose personal information for a purpose set out at Section 7. This may include disclosing your personal information to those who have an operational need or who have legislative authority, such as:
Scientia’s disclosures of an individual’s personal information to third parties are on a confidential basis or otherwise in accordance with law. Scientia may also disclose personal information with the individual’s consent or if disclosure is required or authorised by law.
Scientia will de-identify personal information prior to disclosure where the purpose of the disclosure can be satisfied by the provision of de-identified data e.g. in clinical trials by the use of a participant or patient identification number (“pseudonyms”).
Scientia may disclose personal information to overseas recipients in order to provide its services and for administrative purposes. Recipients of such disclosures may be located in North America, Europe and Asia, and may also be located in other countries. Scientia will de-identify your personal information prior to disclosure where the purpose of the disclosure can be satisfied by the provision of de-identified data.
Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, Scientia takes steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law. If you have any queries or objections to such disclosures, please contact Scientia’s Privacy Officer on the details set out in Section 15.
Scientia may use and disclose personal information in order to inform of services that may be of interest to an individual. In the event that the recipient does not wish to receive such communications, they can opt-out by contacting Scientia via the contact details set out in Section 14 or through any opt-out mechanism contained in relevant marketing communication.
Scientia takes steps reasonable in the circumstances to ensure that the personal information it holds is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. Scientia holds personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by authorised staff.
Scientia will destroy, anonymise or return (as applicable) personal information in circumstances where it is no longer required, unless Scientia is otherwise required or authorised by law to retain the information.
Scientia take every step to secure personal information from unauthorised access, modification or loss.
Scientia will ensure that third party service providers processing information on behalf of Scientia have appropriate controls and are obligated to promptly report any data breach to Scientia in its capacity as the data controller ,
Scientia will take any required step to take measures to mitigate the any breach and to prevent reoccurrence if possible.
Scientia will document any data breach regardless of its severity and will manage and report the breach (as required) and in compliance with the APP, the Office of the Australian Information Commissioner (OAIC) and other applicable international privacy and data breach policies.
Scientia will inform an individual without undue delay should a data breach seems likely to result in a high risk of harm to an individual.
When notified of the receipt of unsolicited personal information, then Scientia will determine if it could have collected the information in line with APP. Scientia will destroy the information if it could not have reasonably obtained this information.
Scientia takes steps reasonable in the circumstances to ensure personal information it holds is accurate, up-to-date, complete, relevant and not misleading. Under the Privacy Act, an individual has a right to access and seek correction of their personal information that is collected and held by Scientia. If at any time an individual would like to access or correct the personal information that Scientia holds about you, or you would like more information on Scientia’s approach to privacy, please contact Scientia’s Privacy Officer on the details set out in Section 14 below.
Scientia will grant access to the extent required or authorised by the Privacy Act or other law and take steps reasonable in the circumstances to correct personal information where necessary and appropriate.
To obtain access to your personal information:
Individuals may request deletion or object processing of their personal data Scientia is controller of e.g. in cases where the individual withdraws consent and/or the information is no longer required (as per Section 11).
However, whereas clinical trial participants can withdraw form a trial at any time, their data will be retained as per applicable regulatory requirements and information collected prior to withdrawal of consent will be controlled and processed as defined in the relevant information and consent documentation.
Individuals registered on Scientia’s Study Participant Database may request to have their personal data deleted upon request only if they have not been screened and/or enrolled in any clinical study (including screening). If they have been screened and/or enrolled in any clinical study, however, they still may request to opt-out from any further communication e.g. information of upcoming studies.
Scientia will endeavour to respond to your request to access or correct your personal information within 30 days from your request. Third parties (processors) receiving deletion or processing objections are required to notify Scientia in a reasonable time and/or according to their agreement if applicable.
For further information or enquiries regarding your personal information/data, or to opt-out of receiving any promotional or marketing communications, please contact Scientia’s Privacy Officer at: privacy@scientiaclinicalresearch.com.au.
Please direct all privacy complaints to Scientia’s Privacy Officer. At all times, privacy complaints:
Scientia’s Privacy Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.
This Policy may be updated from time to time. The current version is available on Scientia’s website together with additional privacy notices. Electronic forms of this Policy may be requested from the Privacy Officer (see Section 14).
References and additional resources:
Integrated Addendum to ICH E6(R1): Guideline for Good Clinical Practice E6(R2), 9 Nov 2016 (or current updated version) – annotated with TGA comments (https://www.tga.gov.au/publication/note-guidance-good-clinical-practice)
National Statement on Ethical Conduct in Human Research 2007 (Updated 2018). The National Health and Medical Research Council, the Australian Research Council and Universities Australia. Commonwealth of Australia, Canberra (https://www.nhmrc.gov.au/guidelines-publications/e72)
For information on the Australian Privacy Act (1988) and the Australian Privacy Principles visit the website of the Office of the Australian Information Commissioner (https://www.oaic.gov.au/)
Lisa Nelson CEO Scientia Clinical Research
1 November 2018
Document code: HRP003-02
[1] In the context of this document, personal information and personal data are interchangeable.