Last Updated: June 2021

Digital Health CRC Limited (“DHCRC”) is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).  The APPs regulate how personal information is handled by DHCRC.

Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.  DHCRC’s Privacy Policy applies to personal information collected and/or held by DHCRC.

We will review this policy regularly, and we may update it from time to time.

The types of personal information we collect and hold

We collect personal information about our customers, partners, students and collaborators, as part of our routine activities.

We also collect personal information about our staff, contractors and suppliers, as well as the contact details of individuals who work for current, past and prospective customers, suppliers, and other types of professional associates and personal contacts.

How we collect personal information

Information that you specifically give us

We may ask you to provide us with certain types of personal information if you wish to obtain a particular service or product from us.  This might happen over the telephone, through our website, by filling in a paper form, or meeting with us face-to-face.  We will give you a Collection Notice at the time, to explain how we will use the personal information we are asking for.  The notice may be written or verbal.

You might also provide your personal information to us, without us directly asking for it, for example, if you engage with us on social media.

Information that we collect from others

If you apply for a job or contract with us, we will collect personal information about you from your referees.  We may also check some details about our suppliers from publicly available sources, such as the Australian Business Register and ASIC databases University academic records or the Document Verification Service.

Information that we generate ourselves

We maintain records of the interactions we have with customers, partners, students and collaborators, including the products and services (including research) we have provided to you.

We collect limited information about users of our websites, for diagnostic and analytic purposes.  We use cookies and gather IP addresses to do so, but we do not trace these back to individual users.

The types of personal information we collect

The types of personal information we collect about customers, partners, students and collaborators includes:

  • Name and contact details (including e-mail and postal addresses); and
  • Academic records regarding our higher degree research students.

Links to other sites

On our website, we may provide links to third-party websites. These linked sites are not under our control, and we cannot accept responsibility for the conduct of companies linked to our website. Before providing your personal information via any other website, we advise you to examine the terms and conditions of using that website and its privacy policy.

How we use personal information

We may use your personal information for the following purposes:

  • to provide the service or product you have requested
  • to answer your enquiry about our services, or to respond to a complaint
  • to manage our employment, research or business relationship with you
  • to promote our other programs, products or services which may be of interest to you (unless you have opted out from such communications)
  • to comply with legal and regulatory obligations, including obligations under our Commonwealth Funding requirements;
  • to fulfil the Objects under DHCRC’s Constitution;
  • if otherwise permitted or required by law, or
  • for other purposes with your consent, unless you withdraw your consent.

We will keep personal information about you, to use for the above purposes, until it is no longer required for the purpose it was collected.

When we disclose personal information

Our third-party service providers

The personal information of customers, partners, students and collaborators, staff, suppliers and other contacts may be held on our behalf outside Australia, including ‘in the cloud’, by our third-party service providers.  Our third-party service providers are bound by contract to only use your personal information on our behalf, under our instructions. Our third-party service providers are Google Analytics, Office 365, Salesforce and Xero.

Other disclosures and transfers

We may also disclose your personal information to third parties for the following purposes:

  • if necessary to provide the service or product you have requested
  • if otherwise permitted or required by law; or
  • for other purposes with your consent.

Accessing or correcting your personal information

You have the right to request access to the personal information DHCRC holds about you.  Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period, and without unreasonable expense, our current charges are $90 per hour.

You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date.  Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period.  We do not charge for making corrections.

To seek access to, or correction of, your personal information, please contact our Privacy Officer.

To contact our Privacy Officer

If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:

Our Privacy Officer is:

General Counsel


Mail: Digital Health CRC Limited, Tank Stream Labs
Level 8, 11 York Street
Sydney NSW 2000

While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as above.  We will acknowledge your formal complaint within 10 working days.

If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by calling them on 1300 363 992, making a complaint online at, or writing to them at OAIC, GPO Box 5218, Sydney NSW 2001.