The Privacy Act regulates how:
- agencies collect, use, disclose and store personal information, including sensitive information
- individuals may access and correct records containing their personal information.
We respect your rights to privacy under the Privacy Act. We comply with all the Privacy Act’s requirements in respect of the collection and management of your personal information.
- how we collect, use, store and disclose your personal information
- how you can access and correct your personal information.
This policy also covers the following related agencies:
- Australian Industry Participation (AIP) Authority
- Australian Space Agency
- Anti-Dumping Commission
- Anti-Dumping Commissioner
- Anti-Dumping Review Panel
- Chief Metrologist
- Chief Scientist
- Innovation and Science Australia and its committees:
- R&D Incentives Committee
- Innovation Incentives Committee
- Biomedical Translation Fund Committee
- Entrepreneurs Program Committee
- CRC Advisory Committee
- National Measurement Institute
- National Offshore Petroleum Titles Administrator
Unless the context otherwise requires, all references to the department in this policy include related agencies.
What personal information we collect
Our department collects personal information that is reasonably necessary for, or directly related to, its functions and activities. We will only use and disclose your personal information for the purposes it was collected, or otherwise in accordance with the Privacy Act.
The type of personal information we may collect includes, but is not limited to:
- mailing and/or street address
- email address
- telephone contact number
- facsimile number
- age and/or birth date
- profession, occupation and/or job title
- 'sensitive information' as defined by the Privacy Act (such as health information, and information about ethnicity, political opinions, religious beliefs, sexual preference etc.)
- photographic images and/or pictorial representations
- the products and services you have purchased or that you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries
- cookie and clickstream data (only limited personal information may be collected via cookies and clickstream data and individuals who do not wish to receive cookies may disable this function on their web browser)
- any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites, through our representatives or otherwise
- information you provide to us through our service centre, customer surveys or visits by our representatives from time to time.
Business information provided to our department will not ordinarily fall within the definition of personal information under the Privacy Act but it may do so when the business information relates to sole traders and partnerships. Business information may also contain some personal information.
We understand that from time to time you may not want to provide this information to us. That’s fine, however, it may mean that we are not able to provide you with the products and services you require, or a high level of service. In circumstances where it will be impracticable for the department to deal with you anonymously, or through the use of a pseudonym, we will ordinarily request you to identify yourself to enable us to appropriately action your request and carry out its functions and activities.
How we collect your personal information
We will generally collect your personal information directly from you. The ways in which we collect personal information may include, but is not limited to:
- through your access and use of our website and web based channels
- during conversations with you via telephone and in person
- through written correspondence with you, including email
- when you complete an application.
From time to time, we may collect personal information from third parties including, but not limited to:
- persons who are authorised to act on your behalf
- other government agencies
- law enforcement agencies
- credit reporting agencies
- service providers to the department.
Collection of personal information from a third party may occur if:
- you consent
- collection from the third party is required or authorised under an Australian law, or a court/tribunal order
- direct collection is unreasonable or impracticable.
In limited circumstances our department may receive personal information about third parties from individuals who contact us or supply us with personal information belonging to others in the documents they provide. This is referred to as ‘unsolicited personal information’. In these circumstances we will consider whether the department could have collected the information had it solicited the information, and will handle it in accordance with the Privacy Act.
Why we collect your personal information
We collect personal information about you so that we can perform our functions and activities and to provide the best possible quality of customer service.
We collect, hold, use and disclose your personal information to:
- identify you
- provide products and services to you and to send communications requested by you
- answer enquiries, and provide information or advice about existing and new products or services
- provide you with access to protected areas of our website
- assess the performance of the website and to improve the operation of the website
- conduct business processing functions
- update our records and keep your contact details up-to-date
- process and respond to any complaint made by you
- conduct planning, product or service development; program evaluation; quality control and research for the purposes of this department, its contractors or service providers
- provide information to our contractors or service providers to enable them to provide our products and services to you, including business, marketing, research and related purposes
- comply with any Australian law; orders of courts or tribunals; any rule, regulation, lawful and binding determination, decision or direction of a regulator; or in co-operation with any governmental authority of any country (or political sub-division of a country).
How we disclose your information
We may disclose your personal information to:
- our employees, contractors or service providers for the purposes of operation of our website or our functions, fulfilling requests by you, and to otherwise provide information, products and services to you including, without limitation, web hosting providers, IT systems administrators, cloud computing services, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants
- suppliers and other third parties with whom we have commercial relationships, for business, marketing, research and related purposes or program
- any organisation for any authorised purpose with your express consent.
We may disclose personal information to third party suppliers and service providers located overseas for some of these purposes. We take reasonable steps to ensure that overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. However, it may be subject to local legislation.
- you consent
- the disclosure is authorised or required by or under an Australian law or court/tribunal order, or
- is otherwise permitted under the Privacy Act.
How we secure personal information
Once our department receives information from you, the information is maintained in a secure environment. Your personal information will not be released unless the law permits it or your permission is granted.
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed in accordance with the requirements of the Archives Act 1983 (Cth).
Employee, staff and contractor information
We collect and handle information for the purposes if recruiting and engaging staff and contractors, and to properly manage the employment of staff and our business affairs.
The types of information we collect and hold include:
- employee, contractor personal and contract details
- referee and emergency contact details
- job applications
- employment contracts, and other records relating to employment and contractor engagement
- salary and leave records
- superannuation, taxation and banking details
- medical certificates and health related information
- information relating to training, conduct and performance.
We will generally collect personal information directly from individual employees, contractors and applicants. We may collect information from other persons, such as supervisors, recruitment agents, and previous employers.
We will generally only disclose HR related personal information to an overseas entity if you consent, or if this is authorised or required by law.
We may collect and use your health and other personal information to ensure the health and safety of your work colleagues, including managing potential, suspected or confirmed cases of COVID-19 or similar medical conditions. We may also collect and use personal information about your family members, or others with whom you live for this purpose.
Your health and other personal information may be disclosed to officers within our department on a need-to-know basis. We may also need, or be legally required, to disclose your health and other personal information to other government entities, or third parties, including health authorities, for health and safety purposes.
Website and digital channel users
We collect information through our department's websites and digital services in a number of ways.
A cookie is a piece of information in a small data file that a website sends to your browser when you access the Department's website. Our website uses session-based cookies to gather website usage data, for the purpose of improving our website.
If you do not wish to have cookies placed on your device, you can change your web browser settings to reject cookies.
We use Google Analytics and Google Tag Manager, a web analytics service provided by Google Inc. (Google), to help improve the efficiency and usability of this website.
We use Hotjar, a behaviour analytics software, to help understand and improve how you use our website.
Hotjar may collect and process personal information that you provide when completing our surveys.
We use cloud-based technology by Converlens Pty Ltd to provide our Consultation hub service and website.
Converlens collects personal information in compliance with the Privacy Act and stores data securely in Australia.
Before you submit your information and comments in response to a consultation, we will ask you to review and accept a Privacy Collection Statement.
We use Swift Digital, an online marketing platform, to create, send and manage emails. Swift Digital may collect your personal information, including your email address and other information for the distribution of email campaigns and other important information. Before you subscribe to a Swift Digital email list or newsletter and submit your personal information, we will ask you to review and accept a Privacy Collection Statement.
All information the Swift Digital service collects is the property of our department and is never shared or used by third parties.
Swift Digital manages your data in compliance with Australia's SPAM Act 2003 and Australian privacy provisions. Swift Digital maintains data within Australia. It never leaves Australian jurisdiction. Where stipulated data is encrypted in transit using SSL connections. All data Swift Digital stores is encrypted at rest.
If you want to know more about how Swift Digital manages data, you can find contact details on Swift Digital website.
You can opt out of our mailing list if you choose the ‘unsubscribe’ service provided by Swift Digital in every email, or contact us.
We use MailChimp to create, send, and manage emails. MailChimp may collect your personal information, including your email address and other information for the distribution of email campaigns and other personal information. Before you subscribe to a MailChimp email list or newsletter and submit your personal information, we will ask you to review and accept the departments and Mailchimp’s Privacy Collection Statement.
By subscribing to a MailChimp email list, you will have consented to your personal information being used as described above. This means:
- You understand and acknowledge that MailChimp is not subject to the Privacy Act 1988 (Cth). You will not be able to seek redress under the Privacy Act 1988 (Cth) but will need to seek redress under the privacy laws of the USA.
Our department complies with its cloud computing obligations in accordance with the guidelines issued by the Attorney-General. For further information, please refer to the Australian Government Information Security Management Guidelines.
As our website is linked to the internet, and we cannot provide assurance regarding the security of transmission of information you communicate to us via online channels. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Any personal information or other information which you send to us is transmitted at your own risk.
If you have concern in this regard, our department has other ways of obtaining and providing information (e.g. mail, telephone and facsimile facilities are available).
Links to other websites
Accessing and correcting personal information
You may request access to any personal information we hold about you at any time by contacting us on the details below.
Where we hold information that you are entitled to access, we will provide you with suitable means of accessing it (e.g. by mailing or emailing it to you). If you require access in a particular form, please indicate this in your request. Please note that under the Privacy Act, access may be refused in certain circumstances where the department is required or authorised to do so under the Freedom of Information Act 1982 (Cth), or another Commonwealth Act that provides for access to documents or information.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request to have it amended. We will consider whether the information requires amendment, and will take reasonable steps to correct or update your information where appropriate.
We will not charge you for giving access or making corrections to your personal information. We may need to ask you to verify your identity before we provide access to your information or correct it.
In circumstances where it is not appropriate to grant you access or amend your personal information, we will give you written notice of the reasons for our decision within 30 days of receipt of your request, together with information about mechanisms available to seek review if you do not agree with the decision.
Reporting a possible breach of privacy
If you believe that we have breached your privacy, please contact us using the contact information below and provide details of the incident so that we can investigate it.
When a complaint is received, we conduct internal enquiries into the possible breach. Our department will deal with your complaint as quickly as possible and will keep you informed of its progress. Once we have completed our internal enquiries, you will be advised of the outcome in writing.
If you are not happy with the response provided by our department, you can make a complaint to the Office of the Australian Information Commissioner (OAIC). You can find information on how to make a complaint on the OAIC website.
Contacting our privacy officer
Requests and complaints will be treated confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner. Please contact our Privacy Officer.
Australian privacy principles
The 13 APPs are divided into 5 different parts according to their different stages of personal information management running from the collection of personal information through to its disposal.