- collect your information
- use your personal information
- disclose your personal information.
This policy outlines how we comply with our privacy obligations as set out under the Privacy Act (1988)(as amended) and the Australian Privacy Principles (APP). See www.oaic.gov.au/privacy/privacy-act/the-privacy-act
Who is Identilab and what does it do?
Identilab is a company that provides specialist DNA testing services in human identification science.
What is personal information?
“Personal information” includes any information from which your identity is apparent; more specifically, it is defined as any “information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not”.
“Sensitive information” is a subset of personal information and includes racial or ethnic origin and genetic information.
Collection of your personal information
We collect the following types of personal information about you during the course of your use of our website and/or service:
- email address
- date of birth
- telephone number
- credit/debit card number
- genetic/parentage information
If you are undergoing testing for legally admissible results, we also collect photo identification to verify your identity (as sighted by a qualifying witness).
We collect the personal information disclosed to us by you in a number of ways. If you intend on using our services then we will collect this information in the course of you completing an application together with any information that you provide with your sample collection kit. We may also collect personal information from you in the course of your use of our website, over the internet, via email or from a telephone conversation.
Personal information will also be collected in other circumstances, such as when other persons or entities ask us to perform DNA testing services on your behalf, for example, Child Safety Services or the Department of Immigration and Border Protection.
Other information collected during the use of our website may be used solely to track how many individuals use our site and which pages they use. This information enables us to improve our site for all users. We do not share, sell or pass on any of this information to third parties. A cookie is a piece of data stored on the user’s computer tied to information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our site.
Like most standard site servers we use log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyse trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses, etc. are not linked to personally identifiable information.
Use of your personal information by us
The purpose for which we collect personal information is to provide you with the best service experience possible and for our internal business purposes that form part of normal business practices. To do this, the collection, use and disclosure of your personal information is limited to conducting the specific services you have instructed us to undertake and to provide users with a better experience in using the site.
Security of your personal information
All reasonable care has been taken to ensure that your personal information is stored in a safe and secure manner.
Your personal information is recorded in an electronic database held by us. Access to this database is restricted (through password protection) to selected employees of Identilab. Employees who have access to your personal information have signed confidentiality deeds.
Electronic security measures are in place to prevent unauthorised access, interception or intrusion to your personal information, and to ensure that the information is properly and securely backed up. However, neither people nor security systems are infallible, including encryption systems. While we use all reasonable efforts to protect your personal information, we cannot guarantee its absolute security.
In accessing our services, you accept that electronic mail and other transmissions passing over the internet may not be free from interference by outside parties and may not remain confidential. In consequence, we cannot guarantee the privacy or confidentiality of any information passing over the internet.
The results of DNA test results and related information are disclosed as follows:
- To all sample donors over the age of 18 (except in the case of services commissioned by Child Safety Services, in which case the results will be disclosed to the relevant Case Manager only).
- If the guardian of a minor child/incapacitated adult has not contributed their own DNA sample for testing, but has signed the consent for the testing procedure to be carried out on that minor child/incapacitated adult, they will also have the results disclosed to them.
- If our services have been engaged for the purposes of visa or citizenship application, results will also be disclosed to the Department of Immigration and Border Protection. This can include sending results to overseas branches of DIBP.
Apart from such circumstances, we may disclose personal information in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring or interfering (intentionally or unintentionally) with our rights or property, users or anyone else who could be harmed by such activities.
We also use your personal information as necessary to manage our accounts and obtain payment for the services we provide. If the circumstances require, we may disclose your personal information to our insurers or to third parties who collect outstanding accounts on our behalf.
We may use your personal information for internal teaching purposes or to monitor, evaluate, plan and improve the services we provide. We will only use de-identified information (information that does not contain any personal details that may reasonably identify you) for these purposes.
We may also disclose personal information as required by law.
In the event that we sell or buy businesses or their assets, or engage in transfers, acquisitions, mergers, restructurings, changes of control and other similar transactions, customer information is generally one of the transferable business assets. Thus, your personal information may be subject to such a transfer. In the unlikely event of insolvency, personal information may be transferred to a trustee or debtor in possession and then to a subsequent purchaser.
Aside from the above exceptions, we will only disclose personal information to an unrelated third party with your consent.
What happens if we do not collect your personal information?
If you don’t provide us with all the personal information we request, we may not be able to provide genetic testing services to you. We only collect as much personal information from you as we need to provide you with services and to allow us to obtain payment for those services.
Your privacy is very important to us. If you have any questions regarding:
- our information practices
- corrections to information we hold about you
- the manner in which we handle your information
- complaints about us
- or any other privacy aspects of our website or service, you can contact us at:
Att: The Privacy Officer
Identilab Pty Ltd
PO Box 120
Holland Park QLD 4121
Phone: 1300 114 294
Fax: 07 3088 5507
You will need to be in a position to verify your identity. Anonymity and pseudonymity is impractical in circumstances when requesting personal information from us given the services we provide and our obligation to protect personal information.
You should also anticipate that it may take a little time to process your application for access as there may be a need to confirm the validity of your request, retrieve information from storage and review information in order to determine what information may be provided.
Access and Correction
Australian Privacy Principle 6 of the Privacy Act 1988 (Cth) allows you to get access to, and correct, the personal information we hold about you in certain circumstances. If you would like to obtain such access, please contact us on the details set out above.
We may refuse access if it would interfere with the privacy rights of other persons or if it breaches any confidentiality that attaches to that information.
Australian Privacy Principle 1 of the Privacy Act 1988 (Cth) allows you to make a complaint about any alleged breaches of privacy. In order to lodge a complaint with us, please contact us.
When you notify the Privacy Officer of a possible complaint a “Privacy Complaint Form” will be forwarded to you to complete and return. The Privacy Officer will reply to you within 14 days of receiving the completed form with the response to the complaint.
You can also make complaints to the Privacy Commissioner. We will make every effort to resolve any complaints that you may have as quickly as possible.
Retention of Information
We retain information for as long as required, allowed or we believe it useful, but do not undertake retention obligations. We may dispose of information in our discretion without notice, subject to applicable laws that specifically requires the handling or retention of information. You must keep your own, separate back-up records.
The website is not hosted in Australia. For that reason, we transfer all data on the website (including all personal information) to our hosting service provider in Canada. You hereby consent to this transfer.
Last updated on: 31st October 2017