The Privacy Act regulates the collection, use, disclosure, storage and security of personal information of government agencies and private organisations. The Privacy Act includes 13 binding Australian Privacy Principles ('APPs') with which Neurode must comply in relation to its management of personal information.
What sorts of personal information does Neurode collect and hold?
Personal information is:
information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.
We collect personal information from staff, contractors, partners and from the public from a wide range of areas across Neurode. For example, we may hold personal information in the following types of records:
• Research data for projects involving human participants
• Client records
• Project files with research partners
• Personnel records
• Recruitment records
• Contractor information
• Statutory appointment information (e.g. Board members)
• Occupational Health and Safety records
• Security Files
• Subscription details (e.g. for Neurode publications)
• Legal files
• Education files
• Complaint details
These types of files held by us from time to time may include personal information such as:
• name, residential address, occupation, email address and telephone contact details;
• opinions and reactions to testing and research;
• health information; and
• credit card or other personal financial details.
The personal information on some of these files may also include sensitive information, including information about a person’s race or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information or genetic information.
How does Neurode collect and hold personal information?
Where it is reasonably practicable to do so, we collect personal information directly from you. However, on occasions, we may need to collect personal information from other sources such as public records, parents or guardians of children under the age of 18 years and third parties. When dealing with children, we seek parental consent prior to the collection of personal information, including photographs.
We may collect personal information in various ways, including via:
• Online forms (such as subscription forms or registration forms for an event e.g. hosted on Microsoft Forms);
• Surveys (hard copy or online);
• Research projects;
• Information associated with accessing and using Neurode websites;
• Over the telephone;
• Via video call/conferencing platforms e.g. Zoom and their features e.g. chat functions;
• The use of biometric technology;
• In person in a meeting or interview scenario;
• Via emails or other correspondence sent to Neurode;
• By taking photographs or videos at Neurode events;
• Third parties, for example reports from referees of prospective employees; or
• From publicly available information, such as interactions with Neurode via social media sites.
For what purposes does Neurode collect, hold and use personal information?
We only collect personal information for purposes directly related to our functions and only where it is necessary for or directly related to such purposes.
When we collect personal information from you for certain specific activities, where required, we will use a collection notice that deals specifically with that collection, including a description of the purposes for which we will use the personal information collected in that instance. Where relevant, our internal procedures and systems embed privacy protections to ensure we comply with our obligations under the Privacy Act.
We may use or hold personal and sensitive information for the following general purposes:
• to provide scientific and research services to both public and private sector clients;
• to manage our employees and contractors, including to consider prospective employees;
• to undertake research and testing as part of our functions;
• to promote and market our activities.
From time to time, we may need to disclose personal information to our joint venture partners or share information with contractors or agents who provide services to us, such as off-site file storage facilities and financial institutions which transmit payments on our behalf.
We will collect personal information from you for the purposes described in a collection notice and will only use or disclose your personal information for other purposes if:
• you have consented to the other use;
• you would reasonably expect, or have been told, that your personal information is usually passed on to other entities;
• it is required or authorised by law;
• it will prevent or lessen a serious threat to someone’s life, health or safety (including public health and safety);
• required to take appropriate action in relation to suspected unlawful activity or serious misconduct;
• required to locate a missing person; or
• required to assert a legal or equitable claim or to conduct an alternative dispute resolution process.
Set out below is some further detail of how we may use personal information collected for certain of our main activities.
When you visit our website
Cookies
A cookie is a small file containing a string of characters placed on your computer that uniquely identifies your browser. It is information that your web browser sends back to our website server whenever you visit it again. We use cookies to 'remember' your browser between page visits. In this situation, the cookie identifies your browser, not you personally. No personal information is stored within our cookies.
Analytics
We use Google Analytics to collect anonymised data about your interaction with our websites, which are hosted by a third party provider. We may also use our own analytics on our websites.
The types of data collected may include your IP address, browser and operating system, screen size, geographic location, search terms and pages visited, actions performed on pages, and date and time of webpage access. Where you provide your email address, that information may be linked to your interactions with the websites.
This data is collected for the purposes providing you with a better experience of, and improving our websites. Occasionally, we may also use this data for scientific research, including measuring the impact and outcomes of research.
Emailing Neurode
When you send an email to a Neurode address (name@neurode.com.au), the content and your details, including your email address, become part of our records. Your email address, acquired in this way, will not be added to any mailing list unless specified in a collection statement or unless we obtain your consent.
Completing an online form
Should you decide to complete and submit an online form on any part of the Neurode website, we:
• may record personal details provided by you such as; e-mail address, street address, telephone number, occupation, company, areas of interest etc to the extent they are relevant to the purpose for which we are collecting them.
• will only use this information for the purpose for which it was collected.
• will not disclose this information without your consent except where Neurode may be required by law to disclose the information.
Online forms and surveys hosted by third parties
Neurode may use online forms and surveys which are hosted by third parties to facilitate internal Neurode procedures or our research activities e.g. Microsoft Forms or Survey Monkey. Where Neurode uses a third party for these purposes, Neurode will ensure that the platform provider is subject to a law or binding scheme substantially similar to the APPs, including mechanisms for enforcement, we have sought your consent, or we have ensured appropriate contractual measurements are met.
Research activities
We may conduct research involving human participants and this research may involve the collection of personal information, including health information, genetic information, or information about a person as part of social research. The collection of such information may also have ethical approval requirements.
When dealing with personal information in a research context, we will usually de-identify that information. If personal information is not de-identified, we will deal with personal information collected during research in accordance with the Privacy Act.
We may also deal with personal information of research partners or clients when providing scientific research services to both public and private sector clients. This may include the following sorts of personal information:
• Name, address, occupation, and email and telephone contact details;
• Opinions and reactions to testing and research;
• Health information;
• Client information;
• Credit card or other personal financial details.
If we collect your personal information as part of our research activities, we will use that information for the purposes of the specific research activity and we may also add it to a database for the purpose of contacting you about future Neurode activities, but only where you would reasonably expect this or have consented. We also use de-identified information for research and analysis purposes.
Neurode Enquiries service
When you contact us for general information about our activities or about science and technology generally, we will:
• Log the contact (online or otherwise) in a secure database;
• Record your name and other contact details, and information about the nature of the enquiry and response provided;
• Record phone calls for the purpose of quality assurance and coaching;
• Not add you to a mailing list, but may seek consent to contact you to provide feedback on the service provided.
• Not disclose the information collected without your consent, except where Neurode may be required by law to disclose the information.
Direct communication from Neurode
We store the contact details of a wide range of clients and stakeholders, ranging from direct subscribers to periodical publications, to business, research and community contacts. This information may be used to disseminate information and to facilitate participation in events and Neurode activities. In managing this information, we will:
• hold all personal information in secure databases, both at onsite and offsite locations.
• ensure that at any time, a recipient of e-mailed mass communication may ask to “unsubscribe” from our central marketing/communication database.
• ensure that a direct link to “unsubscribe” is generally made available in mass communications from us. Alternatively, unsubscribe requests can be made directly to Neurode Enquiries.
Managing our personnel and other support services functions
Neurode collects, uses and discloses and handles personal and sensitive information to enable us to properly manage our business affairs, legal obligations and the employment, engagement and management of staff and affiliates, which may include, but is not limited to:
• assessing suitability and/or eligibility for appointment/engagement;
• compliance activities;
• assessing staff capability requirements and resourcing;
• business development and improvement;
• training, development, research and evaluation;
• audit and assurance;
• financial, legal, security, information technology and communications matters related to a staff member's employment;
• the management, investigation and/or resolution of any issues that may arise during the course of an individual's employment or engagement, including workplace issues (whether conduct or non-conduct related), probation, medical-related issues, and work, health and safety matters; and
• managing natural disasters, health crises such as Covid-19, and other risks to Neurode staff members and affiliates
Engaging with the public about science
We collect personal information in the course of promoting and marketing our activities to the public, including via the following:
• Promotions / competitions;
• Photographs of individuals taken at Neurode events;
• Collecting data about the public’s opinions on science (e.g. feedback via social media);
• Sending marketing material to clients;
• Neurode Education programs and publications.
How does Neurode store personal information?
Each area of Neurode that collects personal information stores that information securely on Neurode’s IT systems. These systems are password protected and, where required, only certain people are authorised to access the information. We may use third parties to store some personal information on servers and cloud services in Australia or overseas.
Disclosures of personal information overseas
We may disclose personal information overseas from time to time, for example in the course of a research project with an overseas entity, through publishing information or by storing information on a server located overseas. Neurode will only disclose your information overseas in accordance with APP 8 and where certain conditions are met, for example, where the recipient is subject to a law or binding scheme substantially similar to the APPs, including mechanisms for enforcement, we have sought your consent, or we have ensured appropriate contractual measurements are met.
Access to and amendment of personal information held by Neurode
We will provide you with access to your personal information that we hold, subject to any applicable exceptions under the Privacy Act. We will require you to verify your identity and specify, as clearly as possible, the information that you wish to access. We will not charge you for lodging a request for access to your own personal information but may charge for reasonable administrative costs.
The fee will be determined on a case by case basis and you will be informed beforehand of the likely cost.If you can establish that information held by us about you is inaccurate, irrelevant, out of date, incomplete or misleading, we will take reasonable steps to amend the information. If we disagree with your view about the status of this information, we will provide reasons for the refusal and record a statement in our records of your view.
Using Rae
Rae is accessed via Telegram (see Telegram’s terms of service (link) and privacy policy (link) for more information). We also pass user-provided data from messages to our service providers (OpenAI for response generation, Supabase for encrypted data storage, Retool for observability). We do NOT use aggregate user data to customize individual user responses. The Rae feature only accesses a single given user's data when generating responses to that user. We can also access user data for customer service and product improvement purposes.
Complaints
If you have a privacy related complaint about us, please contact Neurode at hello@neurodelabs.com
Last updated 4th September 2024