Skip to main content

Children's Medical Research Institute Privacy Policy

1. OVERVIEW

Children's Medical Research Institute (CMRI) is committed to protecting your privacy.

2. SCOPE

This Privacy Policy explains the kind of information we may collect about you, how we may use that information, whether we will disclose it to anyone, and your rights regarding that information.

3. THE INFORMATION WE COLLECT

“Personal information” is information or data which identifies you as an individual or from which your identity can be reasonably ascertained.

We only collect personal information if it is reasonably necessary for one or more of our functions or activities as a medical research organisation and registered charity.

Basic identifying and contact details

  • Name, address, email address, phone number, and where reasonably necessary for CMRI’s functions or activities, date of birth
  • Demographic details such as age and sex

Professional details

  • Education and employment history
  • Relevant qualifications and professional registrations (for PhD students, research collaborators, staff)
  • Professional memberships and certifications
  • Employment history and professional experience
  • Required authorisations and licences

Service related information

  • Donation and payment details
  • Payment and transaction details for products and services you've purchased from us
  • Event registration and participation details
  • Delivery and billing addresses for merchandise orders
  • Your preferences for our services and your marketing preferences
  • Feedback and survey responses
  • Personal interests and family stories

Digital information

  • IP address and general location information derived from your IP address
  • Search and browsing behaviour
  • Website usage patterns
  • Cookie preferences

Sensitive Information

We handle sensitive information with extra care and protection, and we only collect this information with your consent or when legally permitted. This includes:

Health and Research Information

  • Health information including genetic information and biometric information
  • Tumour samples and associated clinical data
  • Proteomic and genomic analysis results
  • Clinical metadata including diagnosis, treatment details, and patient outcomes
  • Medical record numbers
  • Laboratory test results and reports
  • Individual or family medical history

Other Sensitive Information

  • Racial or ethnic origin (when relevant for research purposes)
  • Religious beliefs (when relevant)
  • Criminal record checks (for employment screening)

4. HOW WE COLLECT INFORMATION AND HOLD DATA

We collect personal information in various ways, both directly, indirectly and from third parties.

Directly from you when you:

  • Contact us or interact with us via telephone, email, or in person
  • Complete donation forms, registrations, transactions, or merchandise orders
  • Participate in events, contests, or raffles
  • Participate in our research studies (with consent under HREC-approved protocols)
  • Apply for volunteer, student, or paid staff roles
  • Fill out forms or surveys

Automatically when you:

  • Visit our website or social media platforms
  • Use our online services or technologies
  • Interact with our digital platforms (we track this using cookies or similar technologies, discussed further below)

From third parties:

  • Collaborating hospitals and healthcare institutions
  • Research partners and collaborators (national and international), including ProCan Technologies
  • Service providers and business partners
  • Publicly available sources such as online directories, telephone directories, or company websites
  • Partners, family members or friends
  • Government organisations and organisations or people authorised by you

5. HOW WE HOLD YOUR INFORMATION

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We take reasonable and appropriate security steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.

Digital records are maintained on our secure network. We maintain network security by using a network firewall, encrypted transmission of electronic data, up-to-date anti-virus software, regular monitoring of all network traffic, and strict access control policies on electronic data including authorisation of user logins and password levels. Donor, participant or customer payments made on the CMRI website use Secure Socket Layer (SSL) certificates, which is a generally accepted standard for secure commerce transactions.

Physical records are secured in locked locations with restricted physical access and use of security alarms, or in the case of archived records, at an external storage facility in Australia. Our premises maintain controlled access protocols and equipment security measures to protect both digital and physical information assets.

We maintain operational security through comprehensive staff training on security and privacy requirements, implementing strict access controls based on individual job requirements, and conducting regular security audits and incident response procedures testing to ensure our protective measures remain effective.

We also take measures to destroy or de-identify personal information that is no longer needed for any lawful purpose.

6. HOW LONG WE KEEP YOUR INFORMATION

We keep your personal information only as long as we need it for the purposes we collected it, or as required by law. When we no longer need it, we securely destroy or de-identify it.

7. FOR WHAT PURPOSES DO WE COLLECT, HOLD AND USE PERSONAL INFORMATION?

We may collect, hold or use your personal information for purposes which are directly related to one or more of our functions or activities.

Business operations

  • To manage our relationship with you as a customer, donor, or supplier
  • To process and deliver our products and services, including donations and any merchandise orders
  • To handle your inquiries, support requests, and communications
  • To maintain accurate records for billing and administration
  • To verify your identity when required or permitted by law
  • Event registration and participation

Communication and marketing

  • To respond to your questions and provide support
  • To communicate updates about our services, activities and promotional information
  • To manage your participation in surveys, feedback sessions, events, competitions and promotions
  • To manage your marketing preferences
  • Using images and stories in our communications
  • Seeking financial support through donations

Service improvement

  • To conduct analytics and market research
  • To improve our business operations and services
  • To understand how our services are used

Employment purposes

  • To assess employment applications and evaluate candidate qualifications
  • To manage professional certifications, licences and employment records
  • Recruitment of volunteer roles, student positions, paid staff or contractor roles

Scientific Research and Laboratory Operations

  • Conducting scientific research
  • Generating accredited laboratory test reports under ISO 17025
  • Research collaborations and quality assurance activities (calibration, traceability, method validity)
  • Machine learning applications and data analysis in secure environments
  • For research publications, permitted by law and subject to contractual approvals
  • To share with researchers and collaborators, only with contractual approvals and where permitted by law

Legal and compliance

  • To comply with legal obligations and regulatory requirements
  • To respond to court orders or legal processes
  • To maintain required business records
  • To protect our legal rights and interests or as authorised by law

We sometimes conduct activities under different brand names, including Children’s Medical Research Institute®, Jeans for Genes®, The Great Cycle Challenge, Bake It Blue®, or CellBank Australia. We may contact you regarding any of these branded activities.

Where you no longer wish to receive some or any communications from us, you may contact us at any time to change your preferences or opt out. To do this, please use the contact details provided at the end of this Privacy Policy.

8. USING DONOR HEALTH INFORMATION IN OUR SCIENTIFIC RESEARCH

We may collect and use health information for our research projects, including information provided to us by third party research collaborators (such as other research organisations, biobanks or hospitals). We may work with other reputable research or private organisations to achieve the aims of our research.

At all times, the type of information that we receive for our research is reviewed and approved by an external Human Research Ethics Committees (HREC). A HREC’s approval takes into account various elements such as ensuring the research is for the public good, there are appropriate consents from donors, and that we have agreements with our collaborators regarding the use, storage and transfer of this data.

The type of data that we receive is coded to protect donor identity. Our researchers work under strict guidelines when they receive donor data to preserve and protect donor identity.

9. HOW AND WHEN WE MAY DISCLOSE PERSONAL INFORMATION

In connection with the purposes set out above, we may provide your personal information to:

9.1 Our staff

We will only disclose your personal information to our staff (which include our paid employees, students, volunteers and contractors) to the extent necessary for them to perform their duties and for required business functions or activities. We ensure our staff are bound by and comply with our policies and procedures regarding personal information and confidentiality.

9.2 Our external service providers, business partners and professional advisers

We may be required to disclose your personal information to our external service providers, such as organisations who assist us with printing and mailing, data analysis and processing, email, social media or telephone contacts, advertising and marketing, analytics providers, payment processors, and IT services. We only disclose your personal information to the extent necessary for these services to be performed.

We may also disclose your personal information to our professional advisers and business partners. This includes bankers, auditors, insurer and insurance brokers and our legal advisers.

We take reasonable steps to ensure that your personal information is protected and handled by third party service providers in accordance with applicable privacy laws. This includes putting in place appropriate contractual terms with these third parties.

Our websites may contain links to other websites that we do not control. Our Privacy Policy does not apply to these other websites. If we refer you to a third-party service provider, they are responsible for informing you about their own privacy policy. We are not responsible for the privacy practices or the content of these websites.

9.3 Processing information when you make a donation

Our online fundraising activities are managed by third party service providers, and donations are processed using third-party payment processors.

Our third-party service providers include:

CMRI does not share or exchange a donor's personal information with other charities.

9.4 Corporate transactions

If we merge with or are acquired by another company, or sell our business assets, your personal information may be disclosed to our advisers, the potential purchaser's advisers, or may be included in the transferred assets as part of the transaction.

9.5 Legal and regulatory bodies

We may disclose your personal information to courts and tribunals, regulatory authorities (including as required for reporting obligations), and law enforcement officers when required or permitted by law.

9.6 Other parties

We may also disclose your personal information to third parties you have authorised, emergency services when necessary, or any other parties as required or permitted by law.

9.7 Other lawful purposes

At any time, we may be required by law or legal demand to provide personal information to another party, such as a regulatory authority.

10. DISCLOSURE OUTSIDE OF AUSTRALIA

We store your personal information in Australia. However, we may disclose your personal information to third-party service providers that are located, or process data, outside of Australia and with whom we have a business relationship. The primary purpose of disclosing personal information overseas is to facilitate our business operations. Prior to engaging with an overseas party, we will take reasonable steps to ensure that the overseas party has data security arrangements to protect the information and is obliged to protect your personal information under privacy standards substantively the same as those that apply in Australia or through other mechanisms that provide comparable safeguards and by monitoring how recipients handle your information. The countries to which we are likely to disclose personal information include, but are not limited to, the United States of America, the United Kingdom and Germany.

11. YOUR PRIVACY RIGHTS

CMRI takes reasonable steps to ensure the personal information we collect is accurate, complete and up to date.

Access to your information: If you would like to access the personal information we hold about you, please contact us using the details below. For security purposes, we will ask you to verify your identity, such as by providing your date of birth (where appropriate) or answering a security question, before we share any information. We may charge a reasonable administrative fee for providing access and if we cannot provide access, we will explain why and explore alternative ways to share relevant information.

Correction rights: If you believe any of the personal information we hold about you is incorrect, incomplete, out of date or misleading, you can request an update and we will take reasonable steps to correct your information promptly. If we cannot make the correction, we will explain why and discuss alternatives. You can ask us to add a statement to your information noting your requested correction.

Marketing communications: You can opt-out of receiving marketing communications at any time. If you would like to update your communication preferences for our fundraising activities, including the topics and frequency of contact, please let us know.

To authorise another person (including family members) to access your details, please notify us in writing, and we will record your request.

12. WHAT HAPPENS IF YOU DO NOT PROVIDE US WITH THE PERSONAL INFORMATION WE REQUEST?

Where lawful and practicable, you may choose to remain anonymous or interact with us without providing personal information. However, if you choose not to provide some or all of the requested details, we may be unable to offer certain services or respond effectively.

For example, if you do not provide the required personal information when donating or purchasing merchandise, products, or services, we may be unable to process your transaction correctly or issue a tax-deductible receipt or invoice. Similarly, if you apply for a volunteer or paid position and do not provide the necessary information, we may be unable to process your application or respond in a timely manner.

When necessary and where reasonably possible, we will inform you of any consequences of not providing certain information.

13. USE OF COOKIES AND ANALYTICS

What we use

Like many websites, we collect information about your usage when you view our websites or social media pages. Some of this data may be stored on your device in form of cookies or similar files.

Cookies

  • Small text files stored on your device
  • Help remember your preferences
  • Enable certain website functions
  • Make your interactions with our website more efficient

Tracking Pixels

  • Tiny, invisible images in web pages and emails
  • Help us understand how you interact with our content
  • Allow us to measure email engagement
  • Enable more relevant content delivery

How we use these technologies

Essential Functions

  • Remember your login status
  • Maintain your session security
  • Store your preferences
  • Enable core website features

Analytics and Performance

  • Understand how our website is used
  • Measure page views and traffic
  • Analyse user navigation patterns
  • Identify areas for improvement

Personalisation

  • Remember your preferences
  • Tailor content to your interests
  • Improve your browsing experience
  • Provide relevant recommendations

Your control

You can manage these technologies by:

  • Adjusting your browser settings to block or delete cookies
  • Using privacy-focused browser extensions
  • Configuring your email client to block images
  • Using our cookie preference settings

Note: Blocking all cookies may affect website functionality and your user experience.

Google Analytics

We use Google Analytics to understand how people use our website. This involves cookies that collect information about your browsing activity. You can opt out of Google's advertising features through your Google account settings, browser add-ons, or your device's privacy settings. Google provides various tools and options to control how your data is used for advertising purposes. You can learn more about how Google uses your data and your available options on Google's privacy pages.

Meta advertising tools

We use Meta's advertising tools (such as Meta Pixel) to understand how our ads perform and to show you more relevant advertisements on Meta platforms like Facebook and Instagram when you visit our website or app. You can manage whether we connect information from our website with your Meta account for advertising purposes by adjusting your settings within your Meta account preferences.

Google reCAPTCHA and website security

We use automated security and fraud prevention technologies, including Google reCAPTCHA v3, on some of our websites and online forms to help protect against unauthorised access, spam and other abusive or fraudulent activity. These technologies may collect and analyse information such as your IP address, browser and device information, and behavioural data relating to interactions with our websites. This information is used to verify that access attempts are legitimate and to maintain the security and integrity of our online services.

14. HOW TO CONTACT US ABOUT YOUR RIGHTS OR TO MAKE A COMPLAINT AND WHAT HAPPENS NEXT

Step 1: Contact our privacy officer

Write to us: Children's Medical Research Institute 214 Hawkesbury Rd Westmead NSW 2145 Australia

Phone: 1800 436 437 (during regular business hours)

Email: [email protected]

What to include:

Your full name, contact details, clear details about your request or complaint, and any relevant dates or reference numbers.

Step 2: Our response

We will:

  • Verify your identity before processing your request
  • Investigate thoroughly (for complaints) or process your request (for rights)
  • Respond to you in writing within reasonable timeframes
  • Explain what actions we will take and keep you updated on progress
  • Not charge you for making a request (except for reasonable access fees if applicable)
  • Help you understand and exercise your rights

Step 3: If you're not satisfied (complaints only)

If you're not satisfied with our response to your complaint, you can:

  • Ask for a review by our senior management, or
  • Contact the Office of the Australian Information Commissioner (Phone: 1300 363 992, Website: www.oaic.gov.au)

This is the same process whether you want to access your information, correct mistakes, change marketing preferences, or make a complaint about our privacy practices.

15. CHANGES TO THIS PRIVACY POLICY

CMRI may amend this Privacy Policy from time to time, by posting the revised version on our website. We encourage you to review this Privacy Policy from time to time to stay current with any policy changes (The revised versions will take effect immediately upon publication).

Policy updated – April 2026

Back to Top