The Gastroenterological Society of Australia (GESA) is committed to safeguarding the Personal Information it collects and receives. This policy has been developed in accordance with the Australian Privacy Principles (APPs) contained in the 1988 (Cth) (Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.
What Is Personal Information and Why Do We Collect It?
Personal Information is information or an opinion that identifies an individual. We are required to collect Personal Information only by lawful and fair means.
Personal Information we collect and hold may include:
your name(s), title, date of birth, gender, postal address(es), email address(es), telephone and facsimile numbers;
your employer, or employee and employment details;
your education and other qualifications and certifications;
your interests; or
other information relevant to your membership or potential membership with GESA or your participation in GESA-managed programs.
We may request additional information we require to provide our services to you or to allow the organisation for which you work to provide GESA with services (e.g. payment information to process event registrations). Further information may be collected with your consent in specific instances as disclosed to you.
When we collect Personal Information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Where reasonable and practicable to do so we will collect your Personal Information only and directly from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Any Personal Information held by GESA will not be used or disclosed by us except as authorised by you or as is reasonably necessary for the purposes outlined to you or when required or when required or authorised by law.
You have the right to remain anonymous, to use a pseudonym or refrain from providing Personal Information to GESA. Should you choose not to provide Personal Information to GESA, to remain anonymous, or to use a pseudonym, we may not be able to provide you with the services you require, or we may not be able to provide you with the required services to a level that we regard as best practice.
The Personal Information we may collect is obtained in many ways including:
from information supplied by you in conversation or communications with you or your colleagues, employees or employer;
by telephone or facsimile;
via our websites;
from your website;
from media or publications;
from other publicly available sources; or
from third parties.
We collect your Personal Information for the primary purpose of providing our services to you and to provide information to relevant third parties (e.g., the general public). We may also use your Personal Information for secondary purposes closely related to the primary purpose in circumstances where you would reasonably expect such use or disclosure.
Additionally, we may use Personal Information to:
maintain and update details for membership and website administration purposes;
administer the GESA website;
manage the usage of website resources;
enable your access to and use of the website services;
publish information about you on the website;
send products to you that you have requested or purchased using the website;
supply services or information that you have requested or purchased using the website;
send receipts or invoices;
conduct activities for quality and research purposes; or
send marketing communications (you may unsubscribe from our mailing/marketing lists at any time by contacting us in writing).
Patient Identification Information
If you provide any patient information to us it is your responsibility to ensure that all patient privacy obligations are met and that any necessary patient consent has been obtained.
Only anonymous patient information should be provided to us. If any patient identification information is included in the data provided to us it is your responsibility to ensure that you address this issue with your patient and we will assume that you obtained their consent.
You may also need to check that the privacy requirements of your practice or institution do not conflict with or limit this requirement.
While all patient information provided to us should be anonymous we strive to manage all patient information we hold in a manner fully consistent with the Privacy Act.
The Conjoint Committee for the Recognition of Training in Gastrointestinal Endoscopy (CCRTGE) and Colonoscopy Recertification Programs
The CCRTGE and Colonoscopy Recertification programs collect information on patient procedures and practitioners. All data collected is treated according to the principles in this policy and is used only for the stated purposes of the programs. Participation in these programs is taken as consent by all participants, both practitioners and patients, to the terms of this policy. Data may be used in GESA-approved research projects in an aggregated and anonymous form.
Use of Data for Research Purposes
The GESA Board may from time to time approve the use of aggregate and anonymous data to be used for research purposes. These research projects must align with the intent and purpose of GESA.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, or health information.
Sensitive information will be use by us only where it is reasonably necessary for our core functions and/or activities for example:
for the primary purpose for which it was obtained;
for a secondary purpose that is directly related to the primary purpose;
with your consent;
where required or authorised by law;
to interact with other professional associations with which we have reciprocal arrangements with your consent; or
to collect dietary requirements for events and conferences.
Information Stored Locally on Your Computer
We (or a third-party providing services to us such as Google) may use "cookies", "pixel tags", “flash cookies” or other local storage on your computer provided by your browser or associated software applications which may collect and store your Personal Information.
Your use of our websites is taken to mean that you consent to and acknowledge that we collect your Personal Information through cookies, or any other local storage used by GESA or third-party services such as Google Analytics.
Collecting Information About Your Use of Our Websites
When a person visits our website, a record of their visit may be logged and the following information recorded for statistical, quality or maintenance purposes:
the date and time of the visit;
the address of the pages accessed, and the documents downloaded or
the type and operating system of the device used to access the site.
Many of our websites have Google Analytics enabled. Google Analytics provides general information about the use of our websites including how often web pages are visited and what links are clicked, or files downloaded.
None of the above data is linked to any individual user even where a login is required.
Disclosure of Personal Information
Your Personal Information may be used by us or our third parties and disclosed in a number of circumstances including the following:
where required or authorised by law;
research purposes in an aggregated and anonymous form;
to provide products and services to you;
to collect payments and to administer your account;
to provide you with updated or new information about our offerings and services;
for the development of existing and new offerings and services;
to maintain and update our business infrastructure and systems; or
to promote our other offerings and services to you.
In providing our offerings and services, or collecting and using your Personal Information, your Personal Information may be disclosed to third-party organisations including:
information technology service providers;
printers and distributors of direct marketing material;
our legal, accounting, financial or other professional advisors;
regulatory, government and other authorities as required by law;
international bodies with which we have mutual recognition agreements;
members of GESA committees such as advisory committees;
our partners and sponsors to enable them to provide information about their products and services;
marketing and communications agencies or
mailing houses, freight, or courier services.
Where we disclose Personal Information to our third parties for these purposes the third party will be obliged to use that Personal Information in accordance with the terms of this policy.
In such a case we will take reasonable steps to ensure that you are made aware of the information disclosed to the third party.
We will also detail:
whether any of those third parties are located overseas and, if practicable to specify, the countries in which they are located; and
how to access and correct Personal Information and make privacy complaints.
In addition to the disclosures reasonably necessary for the purposes identified above, we may disclose Personal Information to the extent that it is required to do so by law in connection with any legal proceedings or prospective legal proceedings and in order to establish, exercise or defend its legal rights.
Request for Information
We do not disclose Personal Information to third parties. Exceptions to this policy are research requests where aggregate and anonymous data may be provided to a third party. Requests must be in writing and sent to firstname.lastname@example.org and must specify ethics approval, the type and length of the intended use of the data, a data management plan, arrangement for data security and the arrangements for destruction of the data provided by us once the research is concluded.
Approval is only considered for research purposes and non-commercial use. All requests will be presented to the GESA Board for review before approval or access is granted.
Cross-Border Data Transfers
Information that we collect may be stored and processed in and transferred between any of the countries in which we operate to enable the use of the information in accordance with this policy. Currently GESA is operating in Australia only.
In addition, any Personal Information submitted to the website with the understanding that it will be used for publication on the website may be published on the internet and may therefore be publicly available.
Any Personal Information submitted for publication implies agreement to cross-border transfers of Personal Information.
Unsolicited Personal Information is Personal Information we receive that we have taken no active steps to collect. If the information we receive is not required for us to perform one or more of our services or activities, we will destroy the information as soon as practicable.
Maintaining the Quality of Your Personal Information
We take reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, complete and current. However, the accuracy of that information depends, to a large extent, on the information you provide.
It is important to us that your Personal Information is current. If you find that the information we have is not current or is inaccurate, please advise us as soon as practicable (within 28 days) so we can update our records and ensure we can continue to provide quality services to you. We recommend that you let us know if there are any errors in your Personal Information and that you keep us updated with changes to your information.
Security and Disposal of Personal Information
We take reasonable steps to protect any of your Personal Information that we hold. Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification, or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy your Personal Information. However, most of the Personal Information is or will be stored in member files which will be kept by us for a minimum of seven years after the completion of the last service provided to you.
You can also help to protect the privacy of your Personal Information by keeping passwords secret and by ensuring that you log out of the website when you have completed your transaction. If you become aware of any security breach, please contact the GESA head office as soon as possible via email at email@example.com or by phoning, or sending a text message to, the general inquiries mobile phone number on the "contact" page of this website.
Securing Your Data
We will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of Personal Information.
We will store all the Personal Information provided on secure servers.
Information relating to electronic transactions entered via this website will be protected by encryption technology.
Access to Your Personal Information
You may access the Personal Information we hold about you to update and/or correct it subject to certain exceptions as allowed by law. If you wish to access your Personal Information, please contact us in writing via firstname.lastname@example.org. We will assess your request and provide you with a response usually within ten business days.
We will not charge any fee for your access request however we may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information, we may require identification from you before releasing the requested information.
If we refuse your request, or if we refuse to give you access in the manner you request, we will provide you with written confirmation of the reasons for our refusal and the available complaint process.
Members can access and update their contact details by logging in to the member-only area of the GESA website. For any Personal Information that cannot be accessed and corrected through the GESA website please contact us using the contact information on the "contact" page of this website.
You may opt out of receiving our marketing, advertising and promotional notices, offers and communications by emailing us at the email address listed on the "contact" page of this website or by following the "unsubscribe" link in our email communication campaigns.
Policy Updates and Variations
This policy may be changed, varied or updated at any time without notice in accordance with any legislative changes, changes to our practices or changes to the way we collect, use and disclose any Personal Information.
If you have any queries or complaints about this policy or about how we collected, stored, or used your Personal Information please write to us using the contact information on the "contact" page of this website.
We will endeavour to deal with your complaint and take any steps necessary to resolve the matter promptly usually within ten business days.
If your complaint is unable to be resolved within ten business days, we will advise you in writing to let you know when we expect to provide our response.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner whose contact details can be found at https://www.oaic.gov.au/about-us/contact-us.
Date: September 2021