Privacy Policy

Version 1.0, January 2016

1.1 Purpose

Baycrest Technology Pty Ltd ('CNSDose') is committed to respecting the privacy and confidentiality of your personal information.

CNSDose must comply with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) included in the Privacy Act and other privacy laws that govern how companies like CNSDose handle your personal information (including your health information and the results of your tests).

The purpose of this Privacy Policy is to help you understand what information CNSDose collects and holds about you and the way CNSDose handles that information.

The principles set out in this Privacy Policy will apply to any personal information you provide to us (including via our website and to information which we collect about you from other sources.

In this Privacy Statement, “CNSDose”, “we” and “us” means Baycrest Technology Pty Ltd as applicable.

1.2 The Short Version

Most Privacy Policies aren’t exactly riveting reading. Unfortunately, this one isn’t any different. That’s just the nature of Privacy Policies. We won’t take it personally if you want to just review the summary version below – the full version is always available for you to read whenever you’re suffering from insomnia.

To summarise:
* We take the privacy and security of your data very seriously
* We recognise that your data is just that, yours, and will endeavour to do everything in our power to protect it, and keep it safe and secure
* We will never (ever!) sell your personal information and you will always be made aware of and retain control over how your data is used
* You have the right to delete all information held by us for you at any time, including the destruction of your DNA sample
* If at any time you feel like we haven’t lived up to your expectations, or have questions about our privacy policy, please feel free to get in touch via [email protected]
* In the unlikely event that we don’t address your complaint to your satisfaction, you can contact the Office of the Australian Information Commissioner (OAIC) through their website

Part 2 - How CNSDose Handles Your Personal Information

2.1 CNSDose's Legal Obligations

As a private sector personalised healthcare company, CNSDose is required to comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

The APPs regulate how CNSDose may collect, use, disclose and store personal information and how individuals (such as CNSDose customers) may access and correct personal information which CNSDose holds about them.

For our customers, it’s obvious but it bears stating clearly: if you want to be a part of the CNSDose community and/or order CNSDose services, we will need to collect and use your personal information. There’s simply no way around that. If you provide incomplete or inaccurate information to us or withhold personal information from us we may not be able to provide you with the services you want. We’ll go even further and say that giving us complete and accurate information is in your own best interest, since the interpretation of your test results critically depend on the information you provide. Not doing so could result in recommendations that are misleading and potentially be harmful or dangerous to your health.

2.2 What Information Does CNSDose Collect?

For our customers, we collect information from you that is necessary to provide you with personalised health care services, including interpreting and delivering your results. We will only ask you for information that we need to provide you with the particular test or service you have registered for – no more and no less.

The type of personal information we collect about you includes your name, email address, address and telephone number.

We may also ask you for health information about your health history, family history, or your current lifestyle which are used to assist in analysing your test results.

In addition, we may need to collect sensitive information about your sex (gender), ethnicity and date of birth, all of which are important in interpreting your test results. In particular, the results of genetic tests are highly reliant on ethnicity information since expected genetic variations will differ significantly across ethnicities. Again, we will only collect sensitive information where it is essential to ensuring accurate interpretation of your test results.

Some of our tests are requested by your doctor for you. In this case, we will collect your email address and telephone number from your doctor in order to contact you in relation to your test. We will also collect some of your doctor’s personal information. We will collect the doctor’s name, AHPRA number, provider number, email address and practice name, address and telephone number. Once you have ordered a test, as requested by your doctor, your doctor’s details will be linked to your details.

Where you order a test that involves a partner, we will need to ask for some basic personal information about your partner. We will not ask you to divulge any health or sensitive information about your partner, other than their date of birth, which we use for security and identification purposes only. When you provide us with this information, we assume that you have your partner’s permission – it is your responsibility to ensure that your partner has agreed to allow you to do so. It goes without saying that we treat your partner’s information with the same care as we do yours, and that all the provisions of this Privacy Policy apply to their information equally.

We also collect and store your test results, delivered from our laboratory partners using secure, industry standard electronic protocols. These results include detailed information about your genetic code (specific to that particular test), analysis and interpretation of any genetic variations, and any recommendations based on that analysis. Where your test has been requested by your doctor, your test results will be provided to your doctor, unless you tell us that you do not want this to happen. If your doctor wishes to add notes to your record they will be able to and this information will be stored and be available to you.

Finally, our genetic tests require you to send us a sample of your saliva. While this may not be traditional “personal information”, we recognise that it’s actually more personal than most – your DNA is a part of you that you’re sharing. Of course, when we ask you to send us a saliva sample, it must actually be your saliva that’s in the test tube which you return to us. We don’t even want to think of why you might be using someone else’s saliva or how you obtained it – it’s just weird and would be a breach of your legal relationship with us.

Note that we do not have access to nor do we store your raw genetic code in electronic form, nor do we store any biological samples. Our laboratory partners do, however, store your genetic code in electronic form and your physical DNA sample along with your date of birth and ethnicity, in keeping with best practice protocols and standard laboratory procedures. We do not share your name with laboratory partners outside Australia and instead use a unique identifier which only CNSDose has access to. For further information refer to Section “2.10 Cross border disclosures”.

For Doctors who refer customers, we collect your contact and professional details, to enable us to validate your professional qualification, and make contact with you to communicate your patients’ results.

2.3 How Does CNSDose Collect Your Personal Information?

We will usually collect your personal information directly from you. For example, we may collect personal information about you via our website and your use of it, when you chat to us over the telephone, send us correspondence (whether by letter, fax or email) or when you have contact with us in person.

For some customers, we will be provided with your contact details from your doctor or your partner in order to contact you about a test. You will have the option to not to have the test done.

For some customers, we may need to collect information about you from a third party (such as your doctor). We will only do this if you have consented for us to collect your information in this way.

As mentioned previously, we also collect and store our customers’ test results, which are delivered using industry standard electronically secure protocols from our laboratory partners.

2.4 How does CNSDose use your information?

We will use your personal information for the primary purpose for which it was collected, for doctors to make contact with the patients, and for customers to provide them with our testing services. We will also use your personal information to improve our service and communications and to contact you about other services offered by us.

We will never (ever!) sell your personal information to any third party.

For our customers, there are a select number of third parties that we may disclose your personal information to, although this will only ever be in the context of the primary purpose for which it was collected. These third parties include our laboratory partners (Emory Genetics Laboratory (EGL) and Healthscope Pathology), genetic counsellors, your doctor, and (for the partner testing products) your partner.

  • It goes without saying that we’ll need to provide your personal information (and your saliva sample) to our laboratory partners. Not only does this ensure that your data is consistently and uniquely identified, but it forms the basis to an accurate analysis and interpretation of your genetic code, and therefore ensures that your results are helpful, useful and relevant. We do not share your name with third parties outside Australia and instead use a unique identifier which only CNSDose has access to. We cover sharing of your data our labs in more detail in Section 2.10. Note that any lab will retain your physical DNA sample to comply with local law and best laboratory practice.
  • Unless your doctor has ordered a test on your behalf, you will initially need to discuss the results of any CNSDose tests with a CNSDose genetic counsellor, regardless of the test outcome. A Genetic Counsellor is a highly trained health professional, expert in understanding and explaining genetics. They have made a career out of helping people understand genetic tests, interpreting and explaining genetic test results and walking people through their options if tests show potentially bad outcomes. Our Genetic Counsellors will need to access your personal information and your test results in order to walk you through your results and answer any questions you might have.
  • If your doctor has ordered a test on your behalf, we will send your test results directly to your doctor, who will then discuss these with you in the context of any ongoing care or treatment provided by them. If you’ve ordered the test yourself, you can choose to share your results with your doctor at any time. Again, your doctor will need to access your personal information and your test results in order to walk you through your results and answer any questions you might have. If you do not wish us to provide a copy of your results to your nominated doctor you must let us know. Alternatively, if your nominated doctor has changed or your doctor’s details have changed, you must let us know. Your nominated doctor may separately keep a copy of your test results, and we may do so on their behalf.
  • Finally, where you order a test with a partner, the doctor or genetic counsellor will use your combined results to make a more accurate assessment of your risks, for yourselves and your children. If you’re ordering a partner test you must be comfortable having a combined discussion with a genetic counsellor and receiving a combined result (it defeats the purpose if you’re not). It’s pretty obvious but you will need to share your personal information with your partner in order to receive a combined result. (Note that you can elect to receive your results separately – just let us know. Please be aware that in order to provide your results separately we will need to notify your partner of this fact and there may be an increased cost for a second genetic counselling session.)

There may be some additional circumstances where we need to disclose your personal information to third parties. This may be where we are required or authorised by law to do so, or you later consent for us to use your information for another purpose.

We recognise the sensitivity of our customers’ genetic information and take the security of this information seriously. We only work with partners and providers who have the same values. This means that we will take reasonable steps to ensure that our providers do not breach the APPs. In particular, both EGL and Healthscope have policies and procedures in place which afford substantially similar protections to our own privacy policy. More information about cross border data sharing can be found in Section “2.10 - Cross Border Disclosures”.

You can choose to revoke sharing permissions with a third party at any time. Contact us directly and we’ll investigate on how best to accommodate your request.

2.5 Access To Your Personal Information

You have a right to access your personal information that we hold. We will, on request, provide you with a suitable means of access to your personal information unless there is an exception which applies under the Privacy Act 1988 (Cth). In particular, this means that we will not provide customers with access to their test results prior to their session with a genetic counsellor or their doctor.

Your request to obtain access will be dealt with in a reasonable time. Please note that CNSDose may recover reasonable costs associated with supplying this information to you.

Should you wish to obtain access to your personal information, you can contact our Privacy Officer (see details below) who can give you more detailed information about CNSDose' access procedure.

2.6 Keeping Your Personal Information Up-to-date

CNSDose will take reasonable steps to ensure that your personal information which we may collect, use or disclose is accurate, complete and up-to-date.

If you believe that any of the personal information we hold about you is inaccurate, incomplete or out-of-date then you have the right to request we amend it. Please contact our Privacy Officer immediately (see below for details). We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.

Personal information is destroyed or de-identified when it is no longer needed.

Note that any laboratory will retain your physical DNA sample for a period of time, unless you have explicitly asked us not to during your registration process. It is retained to comply with local law and best laboratory practice, and potentially to provide future testing services which are requested. Customer’s extracted DNA will be stored in an access-controlled, secure cold storage facility on the laboratory premises in accordance with best practice laboratory procedures. Customers can choose to have their DNA sample destroyed at any time by contacting the Privacy Officer at CNSDose in accordance with Section 2.8.

2.7 Data Security

We are committed to ensuring the information you provide us is secure. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect your privacy and prevent unauthorised access, modification to or disclosure of that information.

Where possible, we will retain your data within Australia. However for technical, performance and best practice security reasons, we may need to make use of data storage companies that are owned and exist outside Australia. At the moment, this is only the USA, and a full list of them will be available from time to time from our Privacy Officer. We will only work with partners who take your privacy as seriously as we do.

Section “2.10 - Cross Border Disclosures” gives you more information on how we share relevant personal information with our lab partners.

Where you have consented to share data with a third party, we will only share relevant personal information and for that particular purpose. Where possible and appropriate, we will endeavour to share your information on an anonymous basis, so your identity is not disclosed.

2.8 How to Contact Us

If you have questions or comments about this Privacy Policy, have questions about how your personal information is collected or used, or wish to make a complaint about a breach of your privacy, please contact our Privacy Officer at:


Attention: The Privacy Officer


[email protected]

If you make a complaint we will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you within 30 days whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.

After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.

While we’d like to think we can answer all your questions and resolve any issues to your satisfaction, you may not always agree. In that case, or if you think we have breached an APP, you can choose to lodge a complaint with the Australian Information Commissioner (OAIC) through their website:

2.9 Currency

We may amend this Privacy Statement as our business requirements or the law changes. Any changes to this Privacy Statement will be updated on our website, so please visit periodically to ensure that you have our most current privacy statement.