Summary
- We collect some personal information to provide you with better service.
- This is shared with third parties in limited circumstances.
- We will never sell or use your personal information for commercial purposes.
Introduction
As an Australian Government entity, Geoscience Australia (we, our, us) is bound by the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs). These regulate how:
- we collect, use, store and disclose personal information, including sensitive information
- individuals may access and correct records containing their personal information.
We define “personal information” the same way as the Privacy Act. Generally, it is any information that can be used to identify you, whether or not the information is true.
We respect your right to privacy under the Privacy Act and comply with Privacy Act requirements about how we collect and manage your personal information.
This document is our privacy policy and it tells you generally:
- what types of personal information we collect
- how we collect, use, store and disclose personal information
- the way in which you can access and correct your personal information
- how you can make an inquiry or complaint.
When we collect information from you, you will generally be provided with a collection notice about the specific types of personal information we are collecting at that time, why we are collecting your personal information, how we will use, store and disclose your personal information, and how you can access and correct your personal information.
What personal information we collect and why we collect it?
We collect personal information so we can use it in performing our functions and activities. We should tell you the specific reason why we need to collect your information at the time we collect it. Our most common reasons include:
- managing our employees, contractors and visitors
- conducting our scientific operations
- providing products and services to members of the public
- responding to queries, requests and complaints
- complying with Australian laws, regulations and court orders.
Most of the scientific data we collect is not personal in nature, but we do perform a small social science function that collects personal information in line with the Privacy Act and strict academic ethics guidelines.
We do not administer any legislation that requires us to collect personal information, but we may collect your personal information to comply with other legislation.
We should tell you the types of information we will be collecting at the time we collect it. The following points give a general overview of the types of information we might collect from you.
If you are an employee, we will collect information about your:
- identity
- contact details
- health
- pay and entitlements
- tax file number
- next of kin
- qualifications
- performance
- background, including criminal history.
If you are a contractor, associate or visitor to our office, we may collect information about your:
- identity
- contact details
- employer
- background, including criminal history.
If you sign up to a mailing list, we will collect your:
- name
- contact details.
If you are purchasing products from us, we will collect your:
- name
- contact and delivery details
- order details
- credit card information (if you order over the phone).
If you are visiting our website or a web service we may collect information about your interaction using cookies and clickstream data.
If you interact with us on social media, we may collect the information that is publicly visible on your account.
If you are a stakeholder we are working with, we may collect:
- your name
- your contact details
- other information relevant to our work together.
We understand that from time to time you may not want to provide this information to us; you may withhold providing your personal information. However, doing so may mean that we are not able to provide you with the products and services you require, or a high level of service. If it will be impracticable for us to deal with you anonymously or using a pseudonym, we will normally ask you to identify yourself so we can carry out our functions and activities.
Sensitive personal information
We collect limited amounts of sensitive personal information.
If you are an employee, prospective employee, contractor or require unescorted access to our facility we will collect information about your criminal history through a police records check. Access to this information is strictly controlled and is only used in assessing your suitability for employment or access.
If you are performing field work for us we will collect health information and share this with the team leader to ensure that any illness or injury that occurs during field work can be appropriately managed.
Email mailing lists
We use Swift Digital, an online marketing platform service provider to send and manage emails. In using this service, Swift Digital collects personal information that may contain email addresses and other information to be used for the distribution of email campaigns and other information.
All information collected using the Swift Digital service remains our property and is never shared or used by third parties.
Swift Digital maintains your data in compliance with the Spam Act 2003 and the APPs.
All data held by Swift Digital is maintained within Australia and never leaves Australian jurisdiction. Where stipulated data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest.
Should you wish to contact Swift Digital, you can find contact details on their website.
How we collect your personal information
Most of the time we will collect your personal information directly from you, either in writing, over the phone or through an online form or system.
Sometimes, we may also collect your personal information from third parties including, but not limited to:
- other government entities
- our service providers
- law enforcement agencies.
We will only collect your personal information from a third party or a private source if:
- you consent; or
- we are required or authorised to collect the information under an Australian law or a court/tribunal order; or
- it is not reasonable or practicable for us to collect the information directly from you.
In rare circumstances, we may receive personal information we did not request. If this happens, we will handle the information in accordance with the Privacy Act.
Why we disclose your personal information
We will only disclose your personal information for the purposes it was collected and in accordance with the Privacy Act.
For specific details about to whom we may disclose your personal information and the reasons for doing so, please read the collection notice we provide when we request or collect your information.
We generally disclose personal information to third parties to:
- facilitate a service on our behalf, such as
- cloud computing services
- delivering a good or service to you
- processing information, such as financial information
- managing our human resources
- marketing and research
- facilitate a service on your behalf, such as financial services
- comply with an Australian law, regulation or court order.
Some of the third parties we disclose personal information to may be located overseas. As required by the Privacy Act, we take reasonable steps to ensure that overseas recipients of your personal information do not breach their or our privacy obligations.
We will not share or disclose your personal information without your consent other than as described in the collection notice or as required or allowed by law.
Managed Services Agreement
We use a Managed Services Agreement (MSA) for the provision of IT services. In performing their duties under this arrangement, the provider may pass limited personal information overseas, including to the European Union, the United States of America and India. This information is usually restricted to your name and contact details and is the minimum necessary for the purposes of maintaining our IT systems. This information will be held and used according to the requirements of the Privacy Act and the APPs.
Security
We maintain your personal information in a secure environment. We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification and disclosure. We destroy or de-identify personal information when we no longer need it, in accordance with the requirements of the Archives Act 1983.
However, as our website is linked to the Internet, we cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Any personal information or other information that you send to us is transmitted at your own risk.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices. We encourage you to examine each website’s privacy policy.
If you have a concern in this regard, we might be able to obtain and provide information another way, such as mail, telephone or facsimile.
How you can access and correct your personal information
You may request access to any personal information we hold about you at any time by either directly contacting the team responsible for the information (if you know who they are) or by contacting us, using the contact information below.
Where we hold information that you are entitled to access, we will provide it to you by a suitable means (e.g. by mailing or emailing it to you). We will not charge you for providing the information.
If you believe that personal information we hold about you is incorrect or incomplete, you may request to have it amended. We will consider whether the information requires amendment. If so, we will do so without charging you. In the unlikely event that we do not agree that there are grounds for amendment, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you may seek review if you do not agree with our decision. Before correcting personal information we may require verification of your identity.
There may be rare instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if required or authorised to refuse access under Commonwealth legislation. If that happens, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you can complain about our refusal if you wish to do so.
How to contact us about a complaint or possible breach of privacy
If you would like to make a complaint or believe there has been a breach regarding your personal information we hold, please contact us using the contact information below and provide details of the incident so that we can investigate it.
When we receive a complaint or notification of a possible breach, we will conduct internal inquiries. We will deal with your complaint as quickly as possible and will keep you informed of its progress. Once we have completed our internal inquiries, we will advise you of the outcome in writing.
If the breach is an ‘eligible data breach’ under the Notifiable Data Breaches scheme, we will also notify the Australian Information Commissioner.
If you are not happy with the response we provide, you can make a complaint to the Office of the Australian Information Commissioner (OAIC). Information on how to make a complaint can be found on the OAIC website.
Contacting us
If you have any other questions about this privacy policy, please use the Contact link on our website or contact our Privacy Officer via the details set out below.
Requests and complaints will be treated confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner. Please contact our Privacy Officer at:
Privacy Officer
Geoscience Australia
GPO Box 378
Canberra ACT 2601
General Inquiries: 1800 800 173
Facsimile: 02 6249 9999
Email: security@ga.gov.au
Changes to our privacy policy
We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website.
This privacy policy was last updated on 29 April 2019.