TRC Privacy Policy

Version 1.0, last updated 30.10.23

The Resilience Collaborative (TRC) is managed by The George Institute for Global Health (The George Institute, we and our), and we are committed to handling personal information in accordance with applicable privacy laws, including the Australian Privacy Principles (APPs) set out in the Australian Priva-cy Act 1988 (Cth).


This privacy policy aims to give you information on how we collect and processes your personal infor-mation through your use of this website, including any data you may provide through this website when you subscribe to or register to participate in TRC.
This website is not intended for children and we do not knowingly collect data relating to children.


It is important that you read this privacy policy together with The George Institute’s Privacy Policy (here) any other privacy policy we may provide on specific occasions when we are collecting or pro-cessing personal information about you, so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices, statements, consents and privacy policies in rela-tion to TRC and is not intended to override them.

What types of personal information do we collect and why?

Information you provide

We collect the information you provide when you register to participate in TRC. This includes your name and contact details such as your email address. We will also collect the information you provide by way of any optional surveys you chose to participate in (including any age, sex, health and demographic information).

We collect this information to:

  • send you newsletters
  • communicate with you
  • provide you with access to the services provided by TRC, including participating in surveys
  • provide you with information and updates about TRC
  • share and send you details on other products, services and offers which we think may be of in-terest to you (we refer to these are marketing and promotional materials)
  • improve the services provided by TRC (by asking you to provide a review, take a survey or ana-lysing data)
  • to seek any further personal information and/or consent to use your data
  • send you important information regarding changes to our services, out terms and conditions and other administrative, technical or commercial information
  • to comply with applicable laws and/or regulations
  • for any other lawful, legitimate business purpose, including maintaining records and reporting for monitoring, evaluation and learning

The TRC website

We may We may also collect information about how you access, use and interact with this website. This information may include your user IP address and internet provider name and address, the date and time of your visit, the pages you accessed and any documents downloaded, any website visited prior to accessing our site and the type of browser used.

This information (which is unlikely to contain personal information) is collected to monitor the activity on the website and to distinguish you from other users of the website in order to optimise and simplify your use of the site.

Can you deal with us anonymously?

You will be able to register to participate in TRC anonymously or by using a pseudonym, unless this is unlawful or impractical.

How do we collect and hold your personal information?

From you

We collect your personal information directly from you when you register to participate in TRC.

The TRC website

This website uses cookies, which are small text files that are stored in your local browser cache when you visit a website. Using cookies makes it possible to recognise the visitor’s browser in order to optimise the particular website and simplify its use. Information collected via cookies is not used by us to determine the personal identity of a visitor. Most browsers are set up to accept these cookies automatically. You can deactivate the storing of cookies or adjust your browser to inform you before a cookie is stored on your computer.

How do we store and hold your personal information

We store and hold your personal information in electronic records and systems operated either by us or our external service providers who are performing services in relation to the register and responsible to us.

We use physical security and other measures to ensure that personal information we hold is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure. Please refer to the section under Data Security below.

How do we disclose your personal information?

We may disclose your personal information to authorised register staff and external service providers, such as those who provide IT, analytics, cloud storage or technical support or delivery services or who are otherwise performing services in relation to the register and responsible to us. Our register staff and external service providers must comply with privacy and confidentiality terms regarding the protection of your personal information as part of their employment or engagement with us.

We may share your personal information as directed or permitted by law or court order or otherwise with law enforcement bodies, regulators, our insurers, external legal advisors, government agencies, courts or other third parties where we believe disclosure is necessary to: (i) comply with applicable law; (ii) exercise, establish or defend our legal rights; (iii) protect your rights or vital interests or those or any other person; or (iv) detect, prevent or otherwise address security, fraud or technical issues.

We may also share your personal information with: (i) other parties with your consent and in accordance with this Privacy Policy; and/or (ii) third parties who are or may be involved in the funding of TRC, any actual or proposed acquisition, joint venture, assignment, refinancing, reorganization or transition of all or any TRC service to another provider provided that we have taken all reasonable steps to ensure that those parties are bound by relevant privacy and confidentiality terms regarding the protection of your personal information, any disclosure is conducted in compliance with applicable laws and they are informed that they must use your personal information only for the purposes disclosed in this Privacy Policy.

Data Security

We have put in place measures to protect the security of your information. We limit access (by physical and technical safeguards) to your personal information to those staff and trusted external service providers who have a business or legal need to know.

We maintain computer and network security by using firewalls, user identifiers and strong authentication and authorisation measures to control access to our computer system.

We have also put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Newsletter and marketing

You will receive a regular electronic newsletter from TRC but you can unsubscribe if you wish by following the opt-out instructions provided in the communication.

We may also use your personal information to offer you products and services which we believe may interest you. If we do, then you will be able to opt-out at any time.

Where you receive electronic marketing communications such as event communications and newsletters from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.

Do We Disclose Personal Information To Overseas Recipients? 

Your personal information may be transferred to, processed and stored in countries other than the country in which you are resident, including the United States, Australia, Canada, the European Union and UK. The recipients of such information may be located in any country where The George Institute  has a place of business and additional territories where our suppliers and partners may transfer data, details of which can be provided upon request.

We take appropriate safeguards to protect your personal information specifically in relation to any international transfer. This includes implementing agreements that include safeguards and protections for any use of your personal information by our group entities and incorporates the European Commission’s Standard Contractual Clauses and other data transfer mechanisms and/or rely on the European Commission adequacy decisions for certain countries outside of the European Economic Area should it be applicable with our third party service providers and partners. Subject to confidentiality provisions, further details can be provided upon request.

How long will we keep your information?

The TRC register is intended to be a long-term project and has no end date, with data intended to be stored indefinitely or until you request to be removed from the register.

We will retain your personal information for as long as you use the TRC services, for as long as reasonably necessary to fulfil the purposes we collected it for, to satisfy any regulatory or reporting requirements, to resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements and comply with applicable laws.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

When we are no longer required to retain the personal information as described above, we will destroy, erase, or de-identify it. Legal requirements, however, may require us to retain some or all of the personal information we hold for a period of time that is longer than that for which we might otherwise hold it.

Your Consent

If we have collected and process your personal information with your consent (including any sensitive or special category data), then you can withdraw your consent at any time by contacting us using the details provided under How To Contact Us. Please note, such withdrawal will not affect the lawfulness of any collection, processing, use or transfer prior to your withdrawal.

Legal basis for processing

Our legal basis for collecting and using your personal information will depend on the personal information concerned, applicable laws and the specific context in which we collect it.

However, we will normally collect personal information from you only (i) where we need the personal information to perform a contract with you (such as to provide the TRC services), (ii) where the processing is in our legitimate interests and not overridden by your rights, and/or (iii) where we have your consent (which you have the right to withdraw). In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate and provide the TRC services, to communicate with you as necessary to provide those services to you (including to notify you of any new or any updates to this Privacy policy or any other TRC policy) and for our legitimate commercial interests such as responding to your queries, improving TRC’s service offerings or detecting and preventing data breaches and/or illegal activities. We may have other legitimate interests and we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, you can contact us using the details provided under the How To Contact Us section below.

How can you access and seek correction of your personal information held by us?

You may request access to, or seek correction of, your personal information that is held by us in the TRC register by writing to us at:

Address: Level 18, International Towers 3, 300 Barangaroo Ave, Barangaroo 2000 NSW, Australia ; or
Email: privacy@georgeinstitute.org

We will generally not charge a fee for such requests, but we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Typically, we will respond to your request within 10 – 20 business days, but sometimes we may require more time depending on the circumstances.

In your request, please ensure that you provide a reply address, so that we can contact you if we are unable to locate your personal information, if we need to verify your identity, or if we cannot carry out your request (in which case, we generally tell you why).

What should you do if you have a complaint about the handling of your personal information?

Please set out your complaint in writing to the Privacy Officer:

Address: Level 5, 1 King Street, Newtown, NSW 2042 Australia; or
Email: privacy@georgeinstitute.org

Please provide sufficient information, so that the we can consider your concerns and contact you. Typically, we will respond to your complaint within 10 – 20 business days.

If you are not satisfied with our response, or you consider that we may have breached our legal obligations, you are entitled to make a complaint as follows:

  • If you are located in Australia, The Office of the Australia Privacy Commissioner can be contacted by telephone on 1300 363 992 or full contact details can be found online at www.oaic.gov.au .
  • If you are located in the EEA you may wish to lodge a complaint with a supervisory authority within the EEA.
  • If you are located in the United Kingdom, you may wish to lodge a complaint with the Information Commissioner’s Office (ICO) via https://ico.org.uk/make-a-complaint.

How are changes to this privacy policy made?

We may update this Privacy Policy from time to time, with or without notice to you.

When we do update this Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material changes if and where this is required by applicable data protection laws.

Please refer to this website for the latest copy of this Privacy Policy.

The latest copy of TGI’s Privacy Policy can be accessed here.