- collect your information,
- use your personal information, and
- disclose your personal information.
This policy outlines how we comply with our privacy obligations as set out under the Privacy Act (1988) (as amended) (the “Act“) and the Australian Privacy Principles (APP).
Who is Identilab and what does it do?
Identilab is a company that provides specialist DNA testing services in human identification science.
What is personal information?
“Personal information” includes any information from which your identity is apparent; more specifically, it is defined in the Act as any “information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not”.
“Sensitive information” is a subset of personal information and includes racial or ethnic origin, health information about an individual, and genetic information about an individual that is not otherwise health information.
Collection of your personal information
We collect the following types of personal information about you during the course of your use of our website and/or service:
- email address
- date of birth
- telephone number
- credit/debit card number
- genetic/parentage information
If you are undergoing testing for legally admissible results, we also collect photo identification to verify your identity (as sighted by a qualified witness).
We collect the personal information disclosed to us by you in a number of ways. If you intend on using our services, then we will collect this information in the course of you completing an application together with any information that you provide with your sample collection kit. We may also collect personal information from you in the course of your use of our website, over the internet, via email, or from a telephone conversation.
Personal information will also be collected in other circumstances, such as when other persons or entities ask us to perform DNA testing services on your behalf, for example, Child Safety Services or the Department of Home Affairs.
Other information collected during the use of our website may be used solely to track how many individuals use our site and which pages they use. This information enables us to improve our site for all users. We do not share, sell, or pass on any of this information to third parties.
A cookie is a piece of data stored on the user’s computer tied to information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our site. You can use settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.
Like most standard site servers we use log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyse trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses, etc. are not linked to personally identifiable information.
Our website contains links to third-party websites. We are not responsible for the contact or privacy practices of websites that are linked to our website.
Use of your personal information by us
The purpose for which we collect personal information is to provide you with the best service experience possible and for our internal business purposes that form part of normal business practices. To do this, the collection, use, and disclosure of your personal information is limited to conducting the specific services you have instructed us to undertake and to provide users with a better experience in using the site.
Security of your personal information
All reasonable care has been taken to ensure that your personal information is stored in a safe and secure manner.
Your personal information is recorded in an electronic database held by us. Access to this database is restricted (through password protection) to employees of Identilab. Employees who have access to your personal information have signed confidentiality deeds.
Electronic security measures are in place to prevent unauthorised access, interception, or intrusion to your personal information, and to ensure that the information is properly and securely backed up. However, neither people nor security systems are infallible, including encryption systems. While we use all reasonable efforts to protect your personal information, we cannot guarantee its absolute security.
In accessing our services, you accept that electronic mail and other transmissions passing over the internet may not be free from interference by outside parties and may not remain confidential. In consequence, we cannot guarantee the privacy or confidentiality of any information passing over the internet.
The results of DNA test results and related information are disclosed as follows:
- To all sample donors over the age of 18 (except in the case of services commissioned by Child Safety Services, in which case the results will be disclosed to the relevant Case Manager of Child Safety Services only).
- If the guardian of a minor child/incapacitated adult has not contributed their own DNA sample for testing but has signed the consent for the testing procedure to be carried out on that minor child/incapacitated adult, they will also have the results disclosed to them.
- If our services have been engaged for the purposes of visa or citizenship application, results will also be disclosed to the Department of Home Affairs. This can include sending results to overseas branches of Home Affairs.
Apart from such circumstances, we may disclose your personal information in the following circumstances:
- we reasonably believe that the disclosure is necessary to lessen or prevent a serious threat to the life, health, or safety of any individual, or to public health or safety; or
- we have reason to suspect that disclosure is necessary to prevent unlawful activity, or misconduct of a serious nature relating to our functions, activities, or rights; or
- it is reasonably necessary for the establishment, exercise, or defence of a legal or equitable claim.
We also use your personal information as necessary to manage our accounts and obtain payment for the services we provide. If the circumstances require, we may disclose your personal information to our insurers or to third parties who collect outstanding accounts on our behalf.
We may use your personal information for teaching purposes or to monitor, evaluate, plan, and improve the services we provide. We will only use de-identified information (information that does not contain any personal details that may reasonably identify you) for these purposes.
We may also disclose personal information as required by law.
In the event that we sell or buy businesses or their assets, or engage in transfers, acquisitions, mergers, restructurings, changes of control, and other similar transactions, customer information is generally one of the transferable business assets. Thus, your personal information may be subject to such a transfer. In the unlikely event of insolvency, personal information may be transferred to a trustee or debtor in possession and then to a subsequent purchaser.
Aside from the above exceptions, we will only disclose personal information to an unrelated third party with your consent.
What happens if we do not collect your personal information?
If you don’t provide us with all the personal information we request, we may not be able to provide DNA testing services to you. We only collect as much personal information from you as we need to provide you with services and to allow us to obtain payment for those services.
- to enquire about our information practices;
- to advise of corrections to information we hold about you;
- to enquire about the manner in which we handle your information;
- to make a complaint about privacy; or
- any other privacy aspects of our website or service.
You can contact us at:
Att: The Privacy Officer
Identilab Pty Ltd
PO Box 419
Salisbury QLD 4107
You will need to be in a position to verify your identity. Anonymity and pseudonymity is impractical in circumstances when requesting personal information from us given the services we provide and our obligation to protect personal information.
You should also anticipate that it may take a little time to process your application for access as there may be a need to confirm the validity of your request, retrieve information from storage, and review information in order to determine what information may be provided.
Access and Correction
Australian Privacy Principle 6 of the Privacy Act 1988 (Cth) allows you to access, and correct, the personal information we hold about you in certain circumstances. If you would like to obtain access, please contact us via the details above.
You will not be charged for making a request to access your personal information, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
We may refuse access if it would interfere with the privacy rights of other persons or if granting access breaches any confidentiality that attaches to that information.
In order to lodge a complaint with us, please contact us via the details above.
When you notify the Privacy Officer of a possible complaint a “Privacy Complaint Form” will be forwarded to you to complete and return. The Privacy Officer will reply to you within 14 days of receiving the completed form with the response to the complaint.
You can also make complaints to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 993 or by using the contact details on the website www.oaic.gov.au.
We will make every effort to resolve any complaints that you may have as quickly as possible.
Retention of Information
We retain personal information for as long as required, allowed, or we believe it useful, but do not undertake retention obligations. We may dispose of personal information at our discretion without notice, subject to applicable laws that govern the handling or retention of that personal information. You must keep your own, separate back-up records of your personal information.