GPEx Privacy Policy

Background
This Privacy Policy describes how GPEx collects, holds, uses, discloses and protects personal information in accordance with its obligations under the Privacy Act 1988 (Cth) (Privacy Act), and the Australian Privacy Principles (APPs).GPEx is a company limited by guarantee whose primary role is to advance the education and training of primary health care professionals for the benefit of the community.

GPEx is committed to managing your personal information properly, ethically and lawfully, including (where applicable) by providing you with access to your personal information which is held by us.

Our Privacy Officer’s contact details are set out in section 15 of this Privacy Policy. Further information about privacy is also available from the Office of the Australian Information Commissioner’s website.

This Privacy Policy is made available through the GPEx website.

Purpose
This Privacy Policy describes:

• the kinds of personal (or business) information that we collect and hold
• how and why we collect your personal (or business) information
• how your personal (or business) information is used
• when and with whom we share your (or business) personal information
• how you can access and amend your personal (or business) information

Scope of this policy
This Privacy Policy applies to all GPEx website, product and service users, GPEx service providers, GPEx employees, Australian General Practice Training program participants and any person whose personal information is collected, used stored or disclosed by GPEx.

Information you give to us
Personal information is any information about you, from very sensitive through to everyday information. Examples of the type of personal information collected, used and stored by GPEx include names, addresses, contact details, age, date of birth, educational record etc.We may collect your personal information and other information directly from you:

• through our online products and services
• through email
• during face to face interviews and discussions
• over the telephone
• when you enquire about or enrol in, one of our programs
• during the delivery of your training
• through you participating in any other GPEx program or activity

You have no obligation to provide any information to us. However, failing to do so may affect our ability to deliver our programs or to otherwise interact with you. The GPEx Collection of Personal Information Consent Form is used to record your consent to GPEx collecting and using your personal information. If you provide us with information about other individuals (for example, an emergency contact’s details), we rely on you to:

• do so only with their consent
• tell them that you are providing their information to us and that their information will be treated in accordance with this Privacy Policy
• tell them how to find and obtain the most recent version of this Privacy Policy

Information we collect from other sources
We may also collect personal information and other information about you:

• from third parties, you have authorised to disclose your information
• from publicly available sources of information
• through digital communications, when you visit the GPEx website we collect your personal information from someone other than you, we will take reasonable steps to:
• make you aware that we will collect, or have collected, your personal information from another source
• inform you about what we will do with your personal information

Automated Information Collection
When you visit the GPEx website, our server makes a record of that visit and logs the following information:

• your server address
• the top level domain name (for example .com, .gov, .au, .uk)
• the date and time of the visit to the site
• the pages accessed and documents downloaded
• the previous site visited
• the type of browser used

The data listed above is collected to facilitate website and system administration, including:

• monitoring
• the prevention of security breaches
• the enhancement of the GPEx website to meet users’ needs

Where the GPEx website contains links to third party websites, GPEx accepts no responsibility for the privacy practices of those linked websites. We do not attempt to identify users or their browsing activities except in the unlikely event of a criminal investigation; for example, where a law enforcement agency has issued a warrant to inspect our server logs.

We do use cookies when people make general visits to the GPEx website. Cookies are small text files that may be transferred to your computer’s memory by the servers of some of the websites you visit. Their purpose is to track and store information about a visitor’s usage of a website. If you do not agree with the collection of your information through cookies then it is your responsibility to deactivate the cookie function on your browser prior to using the GPEx website. The extent and type of information we receive from users of the GPEx website depends on what the user does when visiting the site. Most of the information we collect is statistical only and not used to identify you.

How we use your information
Our business is to provide you with education and training services, as well as other related services and products. In order to do that effectively, we use your information for a range of different purposes, including:

• to verify your identity
• to allow you to access and use our online systems (including the GPEx website)
• to communicate with you
• to provide you with the information, products and/or services that you request from us
• to assist with the delivery of our programs
• to administer and promote our programs
• to personalise your experience on the GPEx website
• to provide support and updates
• to monitor and assess your performance and training needs
• to assess whether our programs are meeting your needs
• to perform research and analysis (including whether our programs meet the needs of primary health care professionals broadly)
• for the quality improvement of our existing (and new) programs and services
• for our internal business purposes
• subject to your consent, other purposes which we will notify you of from time to time

We do not sell your personal information to third parties.

Organisations we disclose to
Sometimes, we disclose your information to our related entities or individuals or organisations outside GPEx. Common situations in which we disclose your information include:

• sharing your information with training service providers who deliver GPEx’s training solutions
• sharing your information with other organisations as directed by you (for example, in connection with employment applications)
• disclosing your information to our contractors and other service providers (for example, in connection with external clinical placements, data management contractors, and marketing and promotional contractors)
• where we are legally authorised or required to do so (including disclosing information to courts, tribunals, dispute resolution bodies, or law enforcement and national security agencies)
• if we believe the disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety

Do we send your information overseas?
In some cases, we may disclose your information to organisations, such as our providers of cloud services and website hosting services. These organisations may be based, or have servers, outside Australia. We will only disclose your personal information in compliance with the Privacy Act and APPs and we will take reasonable steps to ensure that those organisations protect and keep confidential the information they receive from us.

Can you request to deal with us without identifying yourself?
We understand that anonymity is an important element of privacy. In most cases, we need to know who you are in order to process and/or manage your application, enquiry, training or request. You can request to deal with us anonymously or by using a pseudonym in relation to certain matters; for example, when making a complaint unless we need to know your identity in order to investigate the complaint (such as in relation to a particular service provided by a training service provider). If it is practicable to deal with us anonymously or under a pseudonym, we will take reasonable steps to ensure that the information that you provide to us anonymously or under a pseudonym is not able to be linked with other information that we may have about you. If you wish to deal with us anonymously or under a pseudonym, please contact the GPEx Privacy Officer using the contact details below.

How to access your personal (or business) information
We will provide you with access to personal (or business) information about you which is held by us, subject to the exceptions in the Privacy Act (for example, we may refuse to give you access to your personal information if giving access would have an unreasonable impact on the privacy of other people, or if your request for access is frivolous or vexatious).

Before giving you access to any information, we will require you to verify your identity in a manner that is reasonable in the circumstances and also to specify the information you wish to access. If we refuse to give you access to your information, we will provide you with reasons for our refusal. For example, if we are not satisfied as to the identity of the requester.

You will not be charged for lodging a request to access your personal (or business) information. Requests for access to information should, in the first instance, be directed to GPEx reception (at reception@gpex.com.au or by calling 08 8490 0400) who will refer the request to an appropriate person within GPEx.

How to update your personal (or business) information
We will take reasonable steps to ensure that personal (or business) information about you which is held by us is accurate, up to date, complete and relevant.
We encourage you to contact us as soon as possible in order to update any information we hold about you.

If we update or amend personal (or business) information about you that we previously disclosed to another entity, and you request that we notify that entity, we will take reasonable steps to give that notification.

If we refuse to update your information, we will provide you with the reasons for our refusal. If you ask us to, we will associate the relevant information with a statement that you have advised that the information is inaccurate or out of date.

How we keep your personal (or business) information secure
GPEx uses several physical and electronic security measures to protect personal (or business) information from misuse and loss, and from unauthorised access, modification or disclosure. For example, we restrict physical access to our offices, and we use a combination of security containers, firewalls, secure databases, computer user identifiers and passwords to protect personal information held by us.

Emails you send to us are screened by our email security systems and may be viewed by authorised GPEx information technology personnel and service providers for security purposes.

All personal information collected and stored by GPEx is held for a specified period of time, prior to eventual destruction. Time requirements for retention of personal information may be statutory in nature or, required under contract, or necessary for procedural fairness as determined by GPEx. We maintain an active Retention and Destruction schedule setting out retention times for personal and other information. GPEx regularly considers and reviews information collected to ensure that we do not collect excessive or irrelevant personal information.

Any data breaches will be treated in the manner set out in the GPEx Data Breach Response Plan to contain and reduce the risk of unauthorised access, disclosure or loss of personal information.

Subject to applicable laws and our internal policies, we take reasonable steps to destroy or de-identify personal (or business) information about you when we no longer need it.

How you can make a privacy complaint
If you have a concern about the way in which GPEx handles your personal information and wish to make a complaint, please contact GPEx’s Privacy Officer (using the contact details below). We are committed to acknowledging your complaint in a prompt manner and will give you an estimated timeframe for when we will respond to your complaint.

It is our intention to resolve your complaint to your satisfaction. However, if you do not believe that the matter has been resolved satisfactorily, you are entitled to contact the Office of the Australian Information Commissioner on 1300 363 992 (local call charges apply) or by using the other contact details on the Commissioner’s website. The Commissioner may investigate your complaint further.

If you wish, you can make a complaint directly to the Privacy Commissioner rather than contacting GPEx in the first place.

Further information
To find out more about how GPEx manages personal information, please contact us using the following details:
GPEx Privacy Officer
GPEx Ltd
Telephone: 08 8490 0400
Facsimile: 08 8373 6704
Email: privacy@gpex.com.au

For more information on the Privacy Act and the APPs, you may:
• visit the website of the Office of the Australian Information Commissioner
• contact the Privacy Hotline 1300 363 992 (local call charge).

We will, from time to time, review and update this Privacy Policy. We reserve the right to amend this Privacy Policy at any time and any amendments will be notified by posting the updated version on the GPEx website.

All personal information about you which is held by us will be governed by our most recent Privacy Policy. If you are unsure about whether you are reading the most current version of our Privacy Policy, please contact us. We can provide a copy of the most current version of our Privacy Policy on request.

Related documents
• Employee Policy Checklist
• GPEx Website Terms of Use
• GPEx Conflict of Interest Policy

Register to stay updated.

Exellence in Education & Training for General Practice