Your Privacy Matters
The Australian Genome Research Facility (AGRF) is committed to handling personal information (including health information and other sensitive information) in accordance with all applicable privacy laws, including the Australian Privacy Principles set out in the Privacy Act 1988.
AGRF is a not-for-profit organisation established under the Major National Research Facilities funding of the Commonwealth Government and is Australia’s largest genomic service provider. Along with our state-of-the-art facilities and technologies, we also offer scientific and technical expertise in consultation with users of our services.
Our clients are organisations from industries such as: medicine, healthcare, agriculture, bio-products, environment, food, water, energy and mining sectors. We offer a range of services covering all aspects of genomics. These include: Next Generation Sequencing, Long Read Sequencing, Sanger Sequencing, Genotyping, Bioinformatics and DNA extraction.
AGRF’s Privacy Policy has two components:
AGRF’s ‘Website Privacy Statement’, which explains:
collection of personal information via our website
use and disclosure of personal information provided to us via our website
website analytics
social media websites and applications
‘How AGRF Collects and Manages Information’, which explains:
what sort of information AGRF collects and why
what AGRF does with the information
how AGRF stores and protects personal information
how AGRF destroys and deletes personal information after use
unsolicited personal information
how to access or correct the information
how to complain about AGRF's handling of personal information
In this policy 'we' and 'us' refers to AGRF and 'you' refers to any individual or company about whom we collect personal information. Personal information is any information or opinion that identifies you or is capable of identifying you, as an individual.
1. Website Privacy Statement
This Website Privacy Statement applies to AGRF's websites with the domain agrf.org.au. It explains how AGRF handles your personal information when you use our websites.
The practices outlined in this Statement are subject to any rights AGRF may have to handle personal information in accordance with, and authorised by or under, Australian law.
This Statement only relates to AGRF's websites. When following links to other sites from our websites, you should access the privacy statement of that site for information about its privacy practices.
1.1 Collection of personal information via our websites
AGRF maintains multiple externally-facing websites that each provide specific functions, including our Client Portal. Some of our websites exist to provide information for our clients and require you to disclose personal information to register for our services. However, you can access AGRF’s public-facing website (www.agrf.org.au) anonymously, without disclosing your personal information.
The personal information we may collect via our website includes, but is not limited to, information you submit to us when you request a quote for services, register for an account with us, join our mailing list or provide us with feedback. This information may include personal information such as your name, email address, location and postal addresses, telephone number, bank account details and your opinions.
1.2 Use and disclosure of personal information provided via our websites
In addition to providing our services to you and carrying out your requests, we may use or disclose personal information that we collect about you via our websites for the following:
any purpose disclosed on our websites for the collection of the information, purposes connected with the operation, administration, development or enhancement of our websites
where we suspect that fraud or unlawful activity has been, is being or may be engaged in
any other purposes required or authorised by or under Australian law
We may share personal information within AGRF, such as information you enter into our websites and the content of email or other electronic messages that we receive. Any personal information provided via our websites or messages will be used and disclosed in accordance with the AGRF's privacy policy.
We will not add email addresses and any other contact details you provide to a mailing list at your request.
We will not disclose your personal information to any third party, without your consent, unless we are required or authorised to do so by or under Australian law or we are required to do so to deliver our services.
1.3 Website analytics
AGRF also collects statistical information about visitors to our websites using web analytics and session recording technology provided by third party service providers such as Google Analytics. These services use Cookies to assist us in understanding how visitors access and utilise our sites. Generally this information cannot be used to identify particular individuals. However, in some circumstances it may include a visitor's internet protocol (IP) address, which could be linked to an individual.
1.4 Social media websites and applications
AGRF uses social media websites to share information and to engage with the public.
www.agrf.org.au interfaces with social media websites such as Facebook, LinkedIn, Twitter and Instagram. If you choose to "like" or "share" information from this website through these services, you should review the privacy policy of that service.
Some social media websites and applications may make personally identifiable information available to the public. AGRF will not share any personally identifiable information that becomes available through the use of social media websites or applications.
2. How AGRF Collects and Manages Information
2.1 What sort of personal and health information does AGRF collect and why?
AGRF provides genomic services to researchers and industry where these organisations outsource their genomic services. AGRF does not provide direct-to-consumer services, such as people requesting DNA sequencing on their own sample.
AGRF uses a rigorous system of applying an anonymised identification code for each sample received from organisations who use AGRF as a service provider. We do not request the personal or health information of people whose samples are sent to us. Instead, we request the use of identification codes from the referring organisation to use when sending through samples, which removes the need for AGRF to collect and manage personal, health and sensitive information for individual samples.
AGRF does collect personal information from client organisations that use AGRF as a service provider, reasonably necessary to enable us to perform operational and administrative functions as a genomics service provider. We collect information you, as a client organisation, give us online or by email, post, facsimile, face-to-face or over the phone. This information may include your name, phone number and other relevant details. We may also collect your payment details record them in our financial systems.
2.2 What does AGRF do with personal and health information?
AGRF uses personal information for the purposes that it was provided.
We may disclose your personal information to other individuals or organisations that assist us in supplying our services, or who perform functions on our behalf. We will not disclose information in a way that identifies an individual or organisation except to the extent we are required to do so to deliver genomic services.
AGRF does not typically or routinely disclose personal information to overseas recipients.
We will always ask you to inform us if you do not consent to us using your personal information for direct marketing.
2.3 How does AGRF store and protect personal and health information?
AGRF uses a number of procedural, physical, software and hardware safeguards, together with access controls and backup systems to protect information from misuse, interference and loss, unauthorised access, modification and disclosure.
We hold personal information in paper-based and electronic records and systems. Personal information may be collected in paper-based documents and converted to electronic form for storage, with the original paper-based documents either archived at our office sites or securely destroyed.
Personal information in electronic form is held in AGRF’s computer systems and is accessible to AGRF staff who require this information to provide genomic services. All our staff are bound by a formal code of conduct. We educate and supervise staff to ensure information is handled in accordance with this privacy policy and privacy laws, and with respect and care.
We maintain computer and network security by using physically secure servers, firewalls, user identifiers and passwords to control access to our computer system. Our data security meets the requirements for control of data and information management, medical testing and privacy policy from the National Association of Testing Authorities (Section 7,11; ISO:15189).
Our data security measures are described below:
Site Access Control: prevention of unregistered personnel from gaining access to sites which process and use data
System Access Control: prevention of data processing systems from being used without authorisation
Data Access Control: processes and mechanisms are in place to ensure authorised personnel have access only to the data they are authorised to access and that data cannot be read, copied, modified, or removed without authorisation during processing, use and storage
Transfer Control: ensure that data cannot be read, copied, modified or removed without authorisation when saving to data storage media. Data delivered via AGRF’s off-site data storage service is encrypted and is signed by a certificate authority to ensure the connection between client and server is trusted
Input Control: actively monitor to establish whether and by whom data has been entered, modified or removed in data storage systems
Availability Control: processes and mechanisms are in place to protect against accidental destruction and loss of data
Notification Control: should a security breach occur that is likely to result in a risk to data privacy, we will inform affected parties, as well as notifying relevant authorities about the security breach when required by applicable data protection laws, as soon as reasonably possible
2.4 Unsolicited personal and health information
Unsolicited personal information is personal information received by an entity that has not been requested by that entity. At times, we may receive personal information that we have not requested.
Where we receive any unsolicited personal information, in accordance with Australian Privacy Principles, we will securely destroy or de-identify this information as soon as practicable, if it is lawful and reasonable to do so. If it is not lawful and reasonable to do so, then we will ensure we store this information securely.
2.5 Access to and correction of personal information
We endeavour to ensure that your personal information is accurate, complete and up-to-date whenever we use it. You can assist us with this by letting us know if your details change or if you notice errors or discrepancies in information we hold about you.
If you would like to access your personal information or believe that your personal information is inaccurate and would like it corrected, you can contact AGRF’s Privacy Officer at privacy@agrf.org.au or call us on 1300 247 301.
2.6 How does AGRF handle complaints about privacy?
If you have any questions or concerns about this Privacy Policy or how your personal information has been handled by AGRF please contact us using the details in the "How to contact us" section below. We will attempt to resolve any privacy complaint in a fair and timely way.
If you are not satisfied with our response, or you consider that we may have breached the Australian Privacy Principles or the Privacy Act, you are entitled to make a complaint to the Office of the Australian Information Commissioner, which can be contacted by telephone on 1300 363 992 or full contact details can be found online at www.oaic.gov.au.
2.7 How are changes to this privacy policy made?
AGRF may amend this Privacy Policy from time-to-time, with or without notice to you. We recommend that you visit www.agrf.org.au regularly to keep up to date with any changes.
How to contact us:
In writing:
The Privacy Officer, AGRF,
Level 13, Victorian Comprehensive Cancer Centre
305 Grattan St
Melbourne VIC 3000
By telephone:
1300 247 301
By email:
privacy@agrf.org.au