This Privacy Policy applies to all personal information (i.e information about you) collected by NHIR Institute Pty Ltd (ACN 670 556 224) (we, us or our) via the website located at www.nhir.org (Website).

1. Types of information

The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.

Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and

(b) whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive Information will be used by us only:

(a) for the primary purpose for which it was obtained;

(b) for a secondary purpose that is directly related to the primary purpose; and

(c) with your consent or where required or authorised by law.

2. What information do we collect?

The kind of Personal Information and Sensitive Information that we collect from you will depend on how you use the Website.

Given the nature of our business, from time to time Sensitive Information about you including political opinions and beliefs will also be collected or even assumed by your use of the Website.

3. How we collect your Information

The Information which we collect and hold about you may include information that you voluntarily disclose and information that is automatically collected such as:

(a) information collected when you register or update your details in email subscriptions, for example your profile including identifying information such as your name, phone number, email address, physical address and other information of that kind;

(b) personalization preferences or requests for information you select as you use the Website, for example the kinds of alerts you would like to receive and the method of delivery;

(c) any messages or comments you submit via the Website including identifying information such as your name and email address for example any information we may collect through a ‘contact us’ type form;

(d) information submitted to online facilities such as search tools;

(e) tracking information we collect as you use the Website including which areas of the site you visit, including your IP address or browser information about your computer’s operating system, application version, language settings and pages that have been shown to you;

(f) if you are using a mobile device, we might also collect data that identifies your mobile device, device-specific settings and characteristics and latitude/longitude details. We might also calculate and process data related to the type of apps installed on a mobile device, such as the name of the app, an app description and the category it belongs to.

Where reasonable and practicable we collect your Information from you only. However, sometimes we may be given information from a third party, in cases like this we will take steps to make you aware of the information that was provided by a third party.

4. Purpose of collection

(a) We collect information to provide you with the best service experience possible on the Website and keep in touch with you about developments in our business or the field.

(b) We customarily only disclose Information to our service providers who assist us in operating the Website. Your Information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.

(c) By using our Website, you consent to the receipt of direct marketing material. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature, such as an unsubscribe button link.

5. Security, Access and correction

(a) We store your Information in a way that reasonably protects it from unauthorised access, misuse, modification or disclosure. When we no longer require your Information for the purpose for which we obtained in, we will take reasonable steps to destroy and anonymise or de-identify it.

(b) The Australian Privacy Principles:

(i) permit you to obtain access to the Information we hold about you in certain circumstances (Australian Privacy Principle 12); and

(ii) allow you to correct inaccurate Information subject to certain exceptions (Australian Privacy Principle 13).

(c) Where you would like to obtain such access, please contact us in writing on the contact details set out at the bottom of this privacy policy.

6. Complaint procedure

If you have a complaint concerning the manner in which we maintain the privacy of your Information, please contact us as on the contact details set out at the bottom of this policy. All complaints will be considered by Legal Counsel and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.

7. Overseas transfer

Please note also that we may use overseas facilities to process or back up its information including cloud based applications and servers located outside of Australia. As a result, we may transfer your information to our overseas facilities for storage. However, this does not change any of our commitments to safeguard your privacy. We strive to ensure that any transmission of information cross border relies on secure servers in nations that have privacy and data protection laws substantially similar to those in Australia in accordance with our commitments to safeguard your privacy. However there is an inherent risk in the use of the Internet and cloud based applications and accordingly we cannot guarantee that your information will not be transmitted to, or intercepted by, parties located in nations that do not enforce such systems.

Transmission of information overseas may also be required either when information is sent directly to you (and you are residing overseas), or to obtain further information from international organisations to aid services provided. Again, to the extent possible, the information will only be transferred to another country where we reasonably believe the other country has privacy laws substantially similar those in Australia.

If you are located in a country that does not have privacy and data protection laws substantially similar to Australia, then we cannot make any warranty or guarantee in relation to the protection of any information transmitted to or from you.

Unfortunately, no data transmission over the Internet can be guaranteed as completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.

8. General Data Protection Regulation 2016/679 (“GDPR”)

If you are an individual resident of an EU member state, then the GDPR applies to our collection, storage and use of your information. In addition to the general provisions set out in this document, the provisions in this section will apply to you and to the extent of any conflict with the general provisions, the provisions in this section will prevail.

(a) As we are incorporated in Australia, you acknowledge and expressly agree that all of your information will be transmitted outside of the EU and in particular to Australia or any other country of our choice for processing purposes.

(b) We may be required to disclose your information to any governmental body, supervisory authority or regulator in the EU as required by the GDPR from time to time. We may also be required to make mandatory disclosures of any data breaches relating to your information in accordance with the GDPR.

(c) If you request a copy of any information held about you, then to the extent reasonably possible (and provided the general provisions of this document relating to such a request are met) then in accordance with the GDPR we will endeavour to provide such information in a structured, commonly used, machine-readable and interoperable format that enables data portability.

(d) Any right you have to access, erasure and portability of your information under the GDPR is restricted in the manner set out in Article 23 of the GDPR.

(e) In relation to any direct marketing activities undertaken by us or third party providers in accordance with this document, you are entitled to object to such direct marketing activities.

(f) You are entitled to object to any profiling of you that is undertaken by us, or automatically by machines, as a result of the collection and processing of your information however, given the nature of the Website, if you do object it is likely that you will be unable to access the Website at all.

(g) We will, where reasonably practicable and necessary, encrypt your information. However, you acknowledge and agree that it is unreasonable and inappropriate for us to use pseudonyms for data processing.

9. How to contact us about privacy

If you have any queries, or if you seek access to your Information, or if you have a complaint about our privacy practices, you can contact us through: legal@nhir.org. We will respond to your enquiry within 14 days.