Background Information

Scientia Clinical Research LTD (Scientia) collects, holds, uses, discloses and processes personal information (data)[1] related to clinical trial participants, patients, individuals registering on our study participant database, clients, suppliers, vendors and employees. The information collected by Scientia may be accessed by staff members or other individuals engaged by Scientia who may be required to use the information in the process of their standard clinical trial or business activities.

Scientia acts as a data controller in that we define how and why personal data is processed in order to provide services to our customers and to fulfil our business activities.

Scientia understands the importance of protecting the privacy of an individual’s personal information including the protection and security of health information obtained from clinical trial participants. Our data controlling and processing activities are regulated by national and applicable international privacy laws and by national and global industry specific regulations including but not limited to ICH Good Clinical Practice and Australian NHMRC National Statement.

1. Purpose and Scope of this Policy

This policy sets out how Scientia aims to protect the privacy of an individual’s personal information, their rights in relation to their personal information controlled by Scientia and the way Scientia collects, holds, uses, discloses and processes personal information.

In controlling and handling personal information, Scientia will comply with the Privacy Act 1988 (Cth) which includes the Australian Privacy Principles (APPs), and the Health Records and Information Privacy Act 2002 (NSW), which includes the Health Privacy Principles (HPPs). Scientia will comply with the APPs (in regard to all personal information) and the HPPs (in regard to all health information) and any other applicable privacy and data protection laws to the extent such laws apply to Scientia.

This policy applies to all Scientia employees and contractors (individuals or an entity) who have access to personal information that is handled and controlled by Scientia.

2. Definitions

Data Controller – is the individual or the legal person who controls and is responsible for the keeping and use of personal information on computer or in structured manual files.

Data Processor – processes personal data only on behalf of the controller usually an external third party.

Personal Information (Data) – means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.

Sensitive Information – is a type of personal information and includes but is not limited to information about an individual’s health (including predictive genetic information), racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, criminal record, biometric information that is to be used for certain purposes, biometric templates.

In this Policy reference to “Personal Information/Data” incudes the meaning of “Sensitive Information unless stated otherwise.

Unsolicited Personal Information – is information received by Scientia where the Scientia has taken no active step to collect the information. This usually happens by unauthorized disclosure of a third party (e.g. information send in a misdirected email).

3. Personal Information that is exempted from the APP

Exempted from the requirements of the Privacy Act is the collection, holding, use or disclosure of personal information that is considered a Scientia employee record, which contains personal information related to the employment of an employee, and which is held by Scientia. These records may include the employee’s health information, information about the engagement, training, performance, termination, terms and conditions of the employment (Act 7B3).

Access and management of employee records is supervised and managed by Scientia’s CEO. Authorised Scientia employees who are working in a human resource capacity have access to employee record and ensure these records are handled in a confidential manner and only for purposes related to current or former employment relationship.

4. What Kind of Information Does Scientia Collect?

The kind of personal information Scientia may collect and hold depends on the nature of the individual’s relationship with Scentia. Examples include but are not limited to:

Clinical Trial Participant or Patient:

  • contact and identification information such as your name, title, address, telephone number, email address, date of birth, sex/gender, driver’s licence number and expiry date, Medicare care number;
  • sensitive information including physical or mental health information, disability status, racial or ethnic origin, cultural background or culturally sensitive issues, details relating to past and present health issues;
  • bank account information (for reimbursement)
  • details related to lifestyle factors such as smoking status, use of drugs (prescribed, over-the-counter and illicit), consumption of alcohol;
  • details related to body height, weight and other physiological measurements (e.g. heart rate, blood pressure, etc.);

Client and Sponsors:

  • name, address, email address, contact telephone number

Supplier, Vendor and other Service Providers:

  • name, address, email address, contact telephone number
  • business records, professional information, qualification, confidential information on goods and services
  • billing information

Candidate Seeking Employment:

  • name, address, email address, contact telephone number
  • qualifications and resume
  • relevant sensitive information and additional information required for visa application if required

Employee:

  • name, address, email address, contact telephone number, emergency contacts
  • resume and qualifications
  • taxation and bank and other payment details
  • date of birth, medical history and other health information
  • training, performance, termination, terms and conditions
  • additional information required for visa application if required

5. How Does Scientia Collect Personal Information

Generally, Scientia collects personal information directly from the individual, through an interaction or exchange in person or by way of telephone, facsimile, email or post, communication technologies (e.g. instant messaging, voice chat, file sharing platforms), or through completion of a form or questionnaire.

The use of Scientia’s website does not require to submit personal information, however, individuals interested in participating in a clinical study may complete an on-line registration to be contacted by Scientia staff and to be added to Scientia’s study participant database.

There may be occasions when Scientia collects personal information from other sources such as:

  • an information services provider, an agency;
  • a publicly maintained record or other publicly available sources of information including social media and similar websites; or
  • if for recruitment purposes, an external recruitment or background screening services provider.

Generally, Scientia will only collect personal information from sources other than an individual if it is unreasonable or impracticable to collect the relevant personal information through direct contact.

6. Privacy Notices and Consent

Before or at the time, or if this is unreasonable or impractical as soon as feasible after personal information is collected, an individual is informed or made aware relevant privacy notices including but not limited to:

  • the purpose for which Scientia collected the information;
  • if Scientia has collected information from someone else than the individual;
  • the consequences if information or some of the required information is not collected by Scientia;
  • third parties to which Scientia is likely to disclose the information;
  • if Scientia may disclose the personal information to overseas recipients and the likely counties;
  • how long Scientia will keep the personal information collected;
  • this privacy Policy and their rights regarding their personal information.

Scientia will obtain freely given consent from individuals to handle and process their information during the time the information is under control of Scienta. The ability to withdraw consent at any time unless required by law will be documented. Where personal information is directly provided by an individual to Scientia, and the individual was provided with a relevant privacy notice at the time of collection, consent will be inferred.

Specific informed consent to process sensitive information is required from clinical trial participants and described in detail in the Participant Information and Consent Form (PICF).

7. The Use of Personal Information

The purpose for which Scientia collects, holds, uses and discloses Personal Information (refer to Section 5 for more details) where it is reasonably necessary includes but is not limited to:

  • the conduct of clinical trials and clinical research including investigating and developing medicines, biomedical equipment, devices and other procedures and treatments in order to improve healthcare outcomes for patients ;
  • to provide healthy subjects and patients with information related to participating in a clinical trial;
  • to match potential study participants with clinical trials;
  • to establish and maintain a database of potential candidates willing to participate in clinical trials;
  • study participant and patient management
  • client service management;
  • vendor and supplier management;
  • business relationship management;
  • promotion and marketing of our services or selected third parties;
  • human resource, employee management and training;
  • assessing applications for employment with Scientia or for engaging contractors or consultants; and
  • meeting any legal and regulatory requirements Scientia is subject to, or that may be imposed upon Scientia.

Scientia may also use personal information for purposes related to the above purposes and for which one would reasonably expect Scientia to do so in the circumstances, or where an individual has consented or the use is otherwise in accordance with law.

Where personal information is used or disclosed, Scientia takes steps reasonable in the circumstances to ensure it is relevant to the purpose for which it is to be used or disclosed. Individuals are under no obligation to provide their personal information to Scientia. However, without certain information, Scientia may not be able to provide its services.

8. Disclosure of Personal Information

Scientia discloses an individual’s personal information for the purpose for which Scientia collects it. That is, generally, Scientia will only disclose personal information for a purpose set out at Section 7. This may include disclosing your personal information to those who have an operational need or who have legislative authority, such as:

  • sponsors of a clinical trial;
  • vendors processing data collected in clinical trials;
  • regulatory authorities;
  • the Human Research Ethics Committee (HREC) involved in a clinical trial;
  • people or entities considering acquiring an interest in Scientia’s enterprise or assets;
  • Scientia’s professional advisors, contractors, consultants and related bodies corporate, including auditors, certifying authorities or ethics committees, including the HREC;
  • insurance providers; and
  • regulatory bodies (such as the Office of the Australian Information Commissioner, the Australian Taxation Office, the Australian Federal Police) where disclosure is required or authorised by law.

Scientia’s disclosures of an individual’s personal information to third parties are on a confidential basis or otherwise in accordance with law. Scientia may also disclose personal information with the individual’s consent or if disclosure is required or authorised by law.

Scientia will de-identify personal information prior to disclosure where the purpose of the disclosure can be satisfied by the provision of de-identified data e.g. in clinical trials by the use of a participant or patient identification number (“pseudonyms”).

9. Overseas disclosure

Scientia may disclose personal information to overseas recipients in order to provide its services and for administrative purposes. Recipients of such disclosures may be located in North America, Europe and Asia, and may also be located in other countries. Scientia will de-identify your personal information prior to disclosure where the purpose of the disclosure can be satisfied by the provision of de-identified data.

Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, Scientia takes steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law. If you have any queries or objections to such disclosures, please contact Scientia’s Privacy Officer on the details set out in Section 15.

10. Direct Marketing

Scientia may use and disclose personal information in order to inform of services that may be of interest to an individual. In the event that the recipient does not wish to receive such communications, they can opt-out by contacting Scientia via the contact details set out in Section 14 or through any opt-out mechanism contained in relevant marketing communication.

11. Security and Integrity of Personal Information

Scientia takes steps reasonable in the circumstances to ensure that the personal information it holds is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. Scientia holds personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by authorised staff.

Scientia will destroy, anonymise or return (as applicable) personal information in circumstances where it is no longer required, unless Scientia is otherwise required or authorised by law to retain the information.

12. Privacy Data Breach

Scientia take every step to secure personal information from unauthorised access, modification or loss.

Scientia will ensure that third party service providers processing information on behalf of Scientia have appropriate controls and are obligated to promptly report any data breach to Scientia in its capacity as the data controller ,

Scientia will take any required step to take measures to mitigate the any breach and to prevent reoccurrence if possible.

Scientia will document any data breach regardless of its severity and will manage and report the breach (as required) and in compliance with the APP, the Office of the Australian Information Commissioner (OAIC) and other applicable international privacy and data breach policies.

Scientia will inform an individual without undue delay should a data breach seems likely to result in a high risk of harm to an individual.

When notified of the receipt of unsolicited personal information, then Scientia will determine if it could have collected the information in line with APP. Scientia will destroy the information if it could not have reasonably obtained this information.

13. Access and Correction of Personal Information Scientia Holds

Scientia takes steps reasonable in the circumstances to ensure personal information it holds is accurate, up-to-date, complete, relevant and not misleading. Under the Privacy Act, an individual has a right to access and seek correction of their personal information that is collected and held by Scientia. If at any time an individual would like to access or correct the personal information that Scientia holds about you, or you would like more information on Scientia’s approach to privacy, please contact Scientia’s Privacy Officer on the details set out in Section 14 below.

Scientia will grant access to the extent required or authorised by the Privacy Act or other law and take steps reasonable in the circumstances to correct personal information where necessary and appropriate.

To obtain access to your personal information:

  • you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
  • Scientia requests that you be reasonably specific about the information you require; and
  • if Scientia refuses your request to access or correct your personal information, Scientia will provide you with written reasons for the refusal and details of complaint mechanisms. Scientia will also take steps reasonable in the circumstance to provide you with access in a manner that meets your needs and the needs of Scientia.

Individuals may request deletion or object processing of their personal data Scientia is controller of e.g. in cases where the individual withdraws consent and/or the information is no longer required (as per Section 11).

However, whereas clinical trial participants can withdraw form a trial at any time, their data will be retained as per applicable regulatory requirements and information collected prior to withdrawal of consent will be controlled and processed as defined in the relevant information and consent documentation.

Individuals registered on Scientia’s Study Participant Database may request to have their personal data deleted upon request only if they have not been screened and/or enrolled in any clinical study (including screening). If they have been screened and/or enrolled in any clinical study, however, they still may request to opt-out from any further communication e.g. information of upcoming studies.

Scientia will endeavour to respond to your request to access or correct your personal information within 30 days from your request. Third parties (processors) receiving deletion or processing objections are required to notify Scientia in a reasonable time and/or according to their agreement if applicable.

14. Contacts

For further information or enquiries regarding your personal information/data, or to opt-out of receiving any promotional or marketing communications, please contact Scientia’s Privacy Officer at: privacy@scientiaclinicalresearch.com.au.

15. Privacy Complaints

Please direct all privacy complaints to Scientia’s Privacy Officer. At all times, privacy complaints:

  • will be treated seriously;
  • will be dealt with promptly;
  • will be dealt with in a confidential manner; and
  • will not affect your existing obligations or affect the commercial arrangements between you and Scientia.

Scientia’s Privacy Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.

16. Additional Information and Resources

This Policy may be updated from time to time. The current version is available on Scientia’s website together with additional privacy notices. Electronic forms of this Policy may be requested from the Privacy Officer (see Section 14).

References and additional resources:

Integrated Addendum to ICH E6(R1): Guideline for Good Clinical Practice E6(R2), 9 Nov 2016 (or current updated version) – annotated with TGA comments (https://www.tga.gov.au/publication/note-guidance-good-clinical-practice)

National Statement on Ethical Conduct in Human Research 2007 (Updated 2018). The National Health and Medical Research Council, the Australian Research Council and Universities Australia. Commonwealth of Australia, Canberra (https://www.nhmrc.gov.au/guidelines-publications/e72)

For information on the Australian Privacy Act (1988) and the Australian Privacy Principles visit the website of the Office of the Australian Information Commissioner (https://www.oaic.gov.au/)

Lisa Nelson CEO Scientia Clinical Research

1 November 2018

Document code: HRP003-02

[1] In the context of this document, personal information and personal data are interchangeable.