Privacy and security policy
1. Purpose and scope
The Board of the MSBase Foundation is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.
The purpose of this privacy and security policy is to set out the principles governing our use of the personal information which we may obtain about you. By using the MSBase Registry website, or by registering as a user of the services which we provide, you agree to the use of your data according to this statement. We ask you to read this privacy and security policy carefully.
If you have any questions about this policy or wish to make a complaint about a breach of the policy please contact firstname.lastname@example.org or telephone +61 3 9342 8070.
This policy does not refer to the de-identified research data contained within the registry which is collected under the strict research ethics guidelines relevant to each contributing centre.
The MSBase Foundation collects and administers a range of personal information for the purposes of running the International Multiple Sclerosis online MSBase Registry and its associated research activities. The organisation is committed to protecting the privacy of personal information it collects, holds and administers.
The MSBase Foundation recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies.
As a not-for-profit company registered in Australia, the MSBase Foundation is bound by the Australian Privacy Principles (12 March 2014) from Schedule 1 of the Privacy Amendment Act 2012.
The organisation has adopted the respective Privacy Principles as minimum standards in relation to handling personal information.
In broad terms this means that we:
- Collect only information which the organisation requires for its primary function;
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person's consent;
- Store personal information securely, protecting it from unauthorised access;
- Provide stakeholders with access to their own information, and the right to seek its correction;
- Store information on the secure MSBase Registry website servers and in the Australian offices of the MSBase Foundation.
You have the right to request access to personal data which are held about you. You also have a right to require any inaccuracies in your information to be corrected free of charge. Members can edit information about yourself by accessing the members' area of the website or you can ask us to modify your details by sending an e-mail to email@example.com. Please state your name, username and centre details (if applicable) clearly on all communications.
No personal data provided by website or service users is passed on to independent companies that may be interested in selling goods or services. The MSBase Foundation does not rent nor sell its list of registrants.
We do employ other trusted companies and individuals to perform functions on our behalf. They may need access to your personal information in order to perform their functions. Rest assured, however, that they may not use your personal information for any other purposes.
The MSBase Foundation and its contractors including the MSBase Registry website IT service provider, Rodanotech, will ensure that all staff, contractors and consultants have signed a confidentiality agreement. We also employ software programs to identify unauthorized attempts to upload, download or change information, or otherwise cause damage.
3.1 Personal data collected by the MSBase Foundation and/or its contractors, or data entered into the MSBase Website by its registered users is accessed to:
- validate the user's status and to assign access privileges
- customize the display of information on the website so that it reflects the specific access privileges of users
- evaluate the usefulness and effectiveness of particular web site features and the effect of those features on the conduct of the MSBase Registry
- communicate about MSBase research opportunities and activities.
3.2 To ensure the security of users of the MSBase Registry website and the Intellectual Property of the research collaboration, users are expected to follow the following procedures:
- Login: To prevent other people from using your account, we require that you login with a username and password which is strictly personal and non-transferable.
- If you are sharing a computer with other users, you should not enable Automatic Login ("Remember my username and password"), since that would permit other users on your computer to access the website with your username and password.
- You should never share your password with anyone. If you feel that others may have found out your password, you should change it immediately.
MSBase Foundation Ltd reserves the right to change any part of this privacy and security policy at any time without notice.
Approved: 27th January 2015