1. Purpose
The purpose of this policy is to communicate clearly the personal information handling practices of the Australian Society of Anaesthetists (ASA), in accordance with relevant legislation.
2. Introduction
The ASA is committed to ensuring the privacy of individuals. The ASA complies with the following:
Australian Privacy Principles – Privacy Act 1988 (Australia) Information Privacy Principles – Privacy Act 1993 (New Zealand)
This policy outlines the way the ASA collects, uses, stores and discloses personal information, the procedures concerning management of privacy complaints and the procedures that allow access to personal information.
3. Body of policy
All personal information that enters the ASA is dealt with in a consistent manner and every effort is made to maintain its security.
The ASA collects and holds personal information which typically includes name, address, telephone and fax details, email address, and may also include other personal information (for example, curriculum vitae), health and financial information.
3.1 Collection
The ASA collects and holds personal information from members (including trainees who are members), conference delegates, applicants, recipients of ASA services, hospitals, suppliers, and other individuals who interact with the ASA including patients of members.
Where possible, the ASA collects personal information from individuals directly during the performance of its functions and activities. Where it is not practicable or reasonable to collect an individual’s information directly, the ASA may collect it from other sources such as hospitals, Colleges, external suppliers and patients.
The ASA will only collect information from individuals when it is reasonably necessary for the performance of its functions and activities, and all such collection will be subject to this policy. The information collected will depend on the individual’s relationship with the ASA, however, is generally collected to either facilitates the provision of ASA services such as education, or to enable the ASA to procure goods and services from suppliers, or to allow the ASA to contact individuals.
Patients – The ASA, through its Informed Financial Agreement website, may collect sensitive information from the patients of its ASA members, such as health or biometric information, in circumstances where the patient has consented to such collection and it is reasonably necessary for, or directly related to , one or more of the ASA’s functions or activities; or the collection is otherwise required by law.
For instance, a patient’s sensitive information may be collected, with their consent, and to the ASA member who is providing anaesthetic services to the patient in order for the member to provide fee information to the patient. Once the information has been disclosed to the ASA member or members the ASA destroys the information it holds.
3.2 Use
The ASA uses personal information for the purpose for which it was collected. This information may be used for secondary purposes which directly relate to the primary purpose of collection. For example, an individual may be required to fill in a form to register for a scientific meeting or conference and the ASA may use these contact details to send a conference program or other conference information.
De-identified clinical information is used by the Australian and New Zealand Tripartite Anaesthetic Data Committee (ANZTADC) of which the ASA is a member, along with the Australian and New Zealand College of Anaesthetists (ANZCA) and the New Zealand Society of Anaesthetists (NZSA).
The ASA collects, uses and stores personal information, and may disclose information to third parties to provide ASA membership services and benefits, maintain ASA membership and service/benefits records, provide information, assist education and continuing professional development and to conduct research for purposes related to the ASA, anaesthesia and the above. All specific requests for information from a third party in connection with ASA services and benefits will be documented, and managed in accordance with the ASA privacy policy, and any such disclosure will only occur in accordance with ASA’s obligations pursuant to the information privacy legislation.
3.3 Disclosure
3.3A Disclosure of personal information to overseas recipients
The ASA may disclose an individual’s personal information to an overseas recipient located in the United States of America, the United Kingdom and Singapore that may relate to conferences or its journal publication.
When disclosing an individual’s information to an overseas recipient, the ASA takes steps as are reasonable in the circumstances to ensure that such disclosure is lawful, appropriate, and is to a recipient that is bound by legislation or a binding scheme that is substantially similar to the relevant Australian privacy legislation.
In circumstances where an individual communicates with the ASA through a social network service, such as Facebook or X, the social network provider and its partners may collect and hold the individual’s personal information overseas. X, Facebook, Instagram, YouTube and LinkedIn each have their own privacy policies.
The ASA also utilises Google Analytics which may involve the collection of data that is sent overseas and stored on Google’s services. Google’s Cloud Data Processing Addendum provides that when collecting, using and storing data, it will comply with applicable laws, including relevant Australian privacy legislation.
3.3B Direct Marketing Communications
Contact information held by the ASA may be used to inform individuals of special offers or additional services provided by the ASA. Where required or appropriate, the individual contacted will be provided with the option of not receiving further communication of this nature from the ASA.
The ASA does not sell any of the personal information it collects. The ASA will disclose personal information for the primary purpose for which it was collected, for a secondary purpose if it directly relates to the primary purpose, or where required by law. Individuals will be informed of this and may have to sign a consent form at the point of collection.
For example, aggregated membership information may be shared with medical boards, health authorities, government, hospitals and other health institutions in connection with uses identified in this policy.
The ASA does engage third parties to perform certain business functions and its business needs may require the disclosure of personal information to related service providers and suppliers. Where such disclosure takes place, the ASA will endeavour to inform the individual of the type of personal information held, the reasons for disclosure, and the type of individuals and organisations to whom it will usually be disclosed.
The ASA seeks to ensure that personal information is handled in accordance with the Australian Privacy Principles and the New Zealand Information Privacy Principles. The ASA requires third parties to sign a confidentiality agreement.
Information will not be disclosed where to do so would breach other statutory or legal obligations.
3.4 Security
The ASA takes such steps as are reasonable in the circumstances to protect an individual’s personal information from misuse, interference, loss, unauthorised use, access, disclosure and alteration. Staff must comply with the ASA’s policy on the handling of personal information. IT protection systems, internal procedures, information security controls and organisational measures are also utilised to protect the personal information held by the ASA. Information will be held until there is no longer a business or legal need to retain it.
The ASA holds an individual’s personal information in either paper-based or digital form. Hard copy documents are generally held on site or at an off-site archive storage location. All personal information collected digitally by the ASA is held on servers located in Australia, over which the ASA retains effective control.
3.5 Correction
The ASA seeks to maintain the accuracy of personal information. Individuals are encouraged to contact the ASA if the information held is incorrect or to notify the ASA if personal information has changed. Changes to personal details can also be made by individuals through the ASA website www.asa.org.au or by email asa@asa.org.au
3.6 Period of retention
The ASA shall not retain the personal information of any person for longer than necessary. The ASA records disposal schedule (for internal use only) lists the status and retention period of all documents archived by the ASA.
3.7 Access
The membership officer may be contacted on +61 2 8556 9702 or at asa@asa.org.au by an individual to access their personal information. A request in writing from that individual will be required to access their information. Access will be provided unless the request is unreasonable or the Australian Privacy Principles or New Zealand Information Privacy Principles permit or require the ASA to decline that access. As permitted by law, a fee may be requested to cover the cost of access. Any queries regarding an individual’s personal online information should be checked by that individual prior to any such request.
4. Particular provisions and information use
In addition to the above, the following provisions apply:
4.1 Members and trainees who are members
The ASA holds personal information about members (and trainees who are members) which is used to conduct ASA business, for the purpose of education, for continuing professional development and other purposes set out in this policy. It may be disclosed to ASA staff, ASA Council and committees, hospitals, external suppliers, Colleges, societies and associations of which the individual is an applicant or member. General information may be provided to members of the public if requests are made about a members or trainee members status, or otherwise. Personal information may be disclosed where required by law.
A request by a member or trainee for another member or trainee’s personal contact details will be referred to the CEO.
Any information provided to the ASA will be used and disclosed in the manner set out in this policy. Failure to provide this information may prevent the ASA from adequately delivering its services. Further information regarding the use and disclosure of personal information may be provided at the point of collection.
4.2 Special interest groups
Special interest groups have been formed by the ASA with the Australian and New Zealand College of Anaesthetists (ANZCA) and the New Zealand Society of Anaesthetists (NZSA), and personal information relevant to the activities of the special interest groups may be shared with those bodies.
4.3 External suppliers
The ASA discloses information to external suppliers, when entering into transactions for the purpose of ASA business. This information will be handled in accordance with the Australian Privacy Principles or New Zealand Information Privacy Principles. It will not be utilised for any other purpose and only disclosed to suppliers for the contracted purpose. Failure by an external supplier to act in accordance with the ASA privacy policy may result in termination of the relationship with the ASA.
The ASA holds personal information about external suppliers which may be used and disclosed in the course of conducting ASA business. Personal information may be disclosed to other suppliers to the ASA or to ASA staff, council and committees where necessary in order to conduct this business. Failure to provide this information may impede the process of transacting business.
4.4 Employees
The ASA may collect personal information in relation to its employees (and contractors) as part of their application and onboarding processes and during the course of their relationship with the ASA, either from them directly, or in some cases from third parties such as recruitment agencies. This may include information about the individual’s health, their right to work in Australia, or other sensitive information.
The ASA may disclose personal information in relation to its employees to third parties in connection with their relationship with the ASA and their work. These third parties are usually in Australia but may be based overseas. When disclosing an employee’s information, the ASA takes steps that are reasonable in the circumstances to ensure that such disclosure is lawful, appropriate, and is to a recipient that is bound by legislation or a binding scheme that is substantially similar to the Australian privacy legislation.
4.5 Patients
The ASA, through its Informed Financial Agreement website, may collect personal information including health and financial information from patients and disclose this information to the ASA member who is providing anaesthetic services to the patients for the member to provide fee information to the patient. Once the information has been disclosed to the ASA member or members the ASA destroys the information it holds.
5. Complaints and concerns
If you have any enquiries, concerns or comments about this privacy policy, or wish to make a complaint about the ASA’s handling of your personal information or our compliance with the relevant privacy legislation, please contact the Chief Executive Officer on +61 2 85569707 or via asa@asa.org.au. You may also write to: Chief Executive Officer Australian Society of Anaesthetists P.O. Box 76 St Leonards, NSW, 1590
Receipt of your correspondence will be acknowledged, and the ASA will endeavour to deal with your enquiry, comment, concern or complaint and provide you with a response within 30 days. Some matters may require detailed investigation and may accordingly take longer to resolve. The ASA will provide you with progress updates if this is the case and may seek further information from you.
The ASA may refuse to investigate and deal with a complaint if it is considered to be abusive, trivial; or vexatious.
If you are dissatisfied with the outcome of a privacy complaint after an initial decision has been made by the ASA, you may seek internal review of the decision. Internal review will be conducted by a different officer of the ASA who has not previously been involved in your complaint.
If you are still dissatisfied with the outcome of your complaint after internal review, you are able to take your complaint to the Office of the Australian Information Commissioner (OAIC) for resolution. The OAIC can be contacted via the following channels: Phone: 1300 363 992; Website Contact Form: https://webform.oaic.gov.au/prod?entitytype=Complaint&layoutcode=ComplaintWF
If you have any concerns about the ASA’s handling of personal information, please contact the Chief Executive Officer on +61 2 8556 9707 or via asa@asa.org.au
6. Changes to ASA Privacy Policy
The ASA may modify or amend this policy at any time provided the policy still complies with the relevant privacy legislation. Information will be held and used in accordance with the privacy policy, as amended from time to time. Formal notice of amendments will not ordinarily be given, but the current privacy policy will be available via the ASA website. The latest version of the policy can be accessed via the ASA website www.asa.org.au or by contacting the ASA on +61 2 8556 9700.
January 2025