Privacy Policy
This summary sets out the key points about how we handle personal information.
We collect, hold, use and disclose personal information to carry out our functions or activities under the
Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act).
Disclosure
We don’t disclose sensitive information about you unless you agree, or would reasonably expect us to.
Web traffic information we collect using Google Analytics may be stored overseas.
About this policy
The Privacy Act 1988 requires entities bound by the Australian Privacy Principles to have a privacy policy. This privacy policy outlines the personal information handling practices of the company.
This policy is written in simple language. The specific legal obligations of the company when collecting and handling your personal information are outlined in the
Privacy Act 1988 and in particular in the Australian Privacy Principles found in that Act. We will update this privacy policy when our information handling practices change. Updates will be publicised on our website and through our email lists.
Overview
We collect, hold, use and disclose personal information to carry out functions or activities under the Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act).
These functions and activities include:
  • handling privacy and freedom of information (FOI) complaints and FOI reviews
  • taking other regulatory action under the Privacy and FOI Acts
  • providing advice on privacy, FOI, and information policy issues
  • consulting with stakeholders, for example, on privacy or FOI guidance
  • maintaining registers, such as organisations that have opted-in to Privacy Act coverage
  • responding to access to information requests
  • communicating with the public, stakeholders and the media including through websites and social media.
Collection of your personal information
At all times we try to only collect the information we need for the particular function or activity we are carrying out.
The main way we collect personal information about you is when you give it to us, for example, we collect personal information such as contact details.

We may also collect contact details and some other personal information if you are on our committees or participating in a meeting or consultation with us.
Collecting through our websites
Where our websites allow you to make comments or give feedback we collect your email address and sometimes other contact details. We may use your email address to respond to your feedback. We store this personal information on servers located in Australia.
Analytic, session and cookie tools
We use a range of tools provided by third parties, including Google, Bing and our web hosting company, to collect or view website traffic information. These sites have their own privacy policies. We also use cookies and session tools to improve your experience when accessing our websites.
The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to maintain, secure and improve our websites and to enhance your experience when using them. In relation to Google Analytics you can opt out of the collection of this information using the
Google Analytics Opt-out Browser Add-on.
Social Networking Services
We use social networking services such as Twitter, Facebook and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies.
Email lists
We collect your email and, if you provide it, other contact details when you subscribe to our email lists. We only use this information for the purpose of sending you regular updates on activities and to administer the lists.
Disclosure of sensitive information
We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes you would reasonably expect or if you agree.
Disclosure of personal information overseas
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries. For further information see Google Data Centers and Google Locations.
When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date and complete we:
  • record information in a consistent format
  • where necessary, confirm the accuracy of information we collect from a third party or a public source
  • promptly add updated or new personal information to existing records
  • regularly audit our contact lists to check their accuracy.
We also review the quality of personal information before we use or disclose it.
Storage and security of personal information
We take steps to protect the security of the personal information we hold from both internal and external threats by:
  • regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure that information
  • taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to
  • conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
For further information on the way we manage security risks in relation to personal information we hold see our supplementary material on information technology security practices, below.
Accessing and correcting your personal information
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.