Privacy Policy

About the RIRDC privacy policy

The purpose of this privacy policy is to:

  • clearly communicate the personal information handling practices of the Rural Industries Research and Development Corporation (Corporation)

  • enhance the transparency of the Corporation’s operations, and

  • give individuals a better and more complete understanding of the sort of personal information the Corporation holds, and the way we handle that information.

If you would like to request the privacy policy be made available in an alternate format, such as for the vision impaired, please also contact the privacy officer. Reasonable steps will be taken to provide alternate access.

This privacy policy is reviewed and updated annually. Updates will be provided on our website and through our email lists. The privacy policy was last reviewed in March 2014. 

Our obligations under the Privacy Act

This privacy policy sets out how we comply with our obligations under the Privacy Act 1988 (Privacy Act). As an Australian Government agency, we are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act which regulate how government agencies collect, use, store and disclose personal information, and how individuals may access and correct personal information held about them.

Personal information

Personal information is defined in s 6(1) of the Privacy Act as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not, and

  • whether the information or opinion is recorded in a material form or not’.

What constitutes personal information will vary, depending on whether an individual can be identified or is reasonably identifiable in the particular circumstances. For example, personal information could include:

  • a name or address

  • bank account details

  • photos or videos

  • information about an individual’s traits, their opinions or where they work.

Note: information does not have to include an individual’s name to be personal information. For example, in some cases, a date of birth and post code may be enough to identify a person.

Sensitive information

Sensitive information is a subset of personal information with additional requirements under the Privacy Act. 

Sensitive information is defined in the Privacy Act as:

  • information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record that is also personal information; 

  • health information about an individual;

  • genetic information about an individual; or

  • biometric information that is to be used for the purpose of automated biometric verification/identification and biometric templates.

Types of personal information collected and held

We may collect and hold a variety of personal information, as included in the table below.


Information Type

 

Description

Personal information

 
  • name

  • age and gender

  • contact details (including address, phone and email addresses)

  • bank account details

  • photos, videos or audio of individuals

  • employment details

  • education details (level of education, study assistance and courses)

  • financial information (ABN)

Sensitive information (a subset of Personal information)

 
  • racial or ethnic origin

  • trade or professional associations and memberships

  • union membership

  • criminal record

  • health information


Anonymity

We provide the option for individuals to not identify themselves, or of using a pseudonym when dealing with the Corporation in some situations (unless it is impracticable to do so, or the department is legally required to deal with individuals who identify themselves).

These situations could include if you seek general information about a program, grant or consultation process (for example). Identification will generally only be necessary where it would be inappropriate not to identify yourself, such as if  you are enquiring about the status or details of your own application for a particular program.

Collection of your personal information

Why the Corporation collects your personal information

Where the Corporation collects and holds your personal information, it is collected and held for our business purposes, which are generally to provide services to you.

We collect and hold a broad range of personal information in records relating to:

  • individuals participating in programs and initiatives that we fund

  • the management of contracts and funding agreements

  • individuals on our committees or participating in a meeting or consultation with us

  • correspondence from members of the public or organisations to us

  • complaints (including complaints relating to privacy) and feedback provided to us

  • requests made to us under the Freedom of Information Act 1982

  • requests for access to information we hold about you or other information about the Corporation’s operations

  • the performance of our legislative and administrative functions

  • employment and personnel matters for our staff and contractors.

How the corporation Corporation collects your personal information

We generally collect personal information from you when you communicate with us. We collect personal information through a variety of means including through using forms (either electronic or hard copy), online portals, other electronic or paper correspondence (including emails and written correspondence) and at times verbal conversations or interviews. 

In many cases, when we collect your personal information, we will issue you with a privacy notice explaining the purpose of the collection, the intended use of the personal information and to whom we may disclose it.

When we collect personal information about you, in the majority of cases, this will be information provided directly from you for the particular function or activity we are carrying out.

Other entities that may collect your personal information on behalf of the corporation

As well as collecting personal information directly from you, we may also collect your personal information through other individuals or organisations acting our behalf, including those such as contracted service providers. If this occurs, such collection will be in accordance with the APPs.

Unsolicited personal information

On occasion, unsolicited personal information is provided to the Corporation by individuals (or other entities) without it being requested. In such circumstances we will determine whether or not we could have collected the personal information via our regular methods and if so we may use and handle the personal information as if we had collected it. If we determine that the personal information could not have been collected by us via our regular methods and the information is not contained in a Commonwealth record, we will destroy or de-identify the information provided it is lawful and reasonable to do so.

Information collected through our website and online services 

A variety of information is collected by using our website and online services. Some of this may be personal information, which is summarised in the table below:

Information type

 

Treatment

Emails and electronic forms

 

Our servers may record your email address if you send us a message online. Your email address will not be added to a mailing list unless you have provided it to the Corporation in order to subscribe to one of our subscription services.

Where you choose to send us a completed electronic form that includes your personal details, the Corporation collects personal information such as name, address and email address. The information collected by email or electronic forms will be used only for the purpose for which you provided it, unless an exception applies.

For those who do not wish to use the internet to transmit information, we provide alternative ways of providing information. For example, forms may be printed (or obtained in hard copy) and lodged by post.

Clickstream data

 

We make a record of your visit to the website and log the following information for statistical purposes: the user's Internet Protocol (IP) address, the date and time of the visit to the site, the web pages accessed and documents downloaded, the previous site visited, and the user's web browser and operating system.

Google Analytics

 

In addition to web server logs, our website also uses Google Analytics, a web analytics service provided by Google Incorporated (Google). Reports obtained from Google Analytics are used to help improve the Corporation’s website. Google Analytics uses 'cookies' to help analyse how users use the site.

The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States of America. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.

By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to Google's privacy policy for further information.



Storing and securing personal information

We will take all reasonable steps to protect your personal information from loss, unauthorised access, use, modification or disclosure, and against other misuse.  Among other things, we take reasonable steps to safeguard our IT systems against unauthorised access, and ensure that paper-based files are secured. We also ensure that access to your personal information within our systems is only available to our staff that needs such access in order to do their work.

When the personal information that we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.

This situation might arise where the Archives Act 1983 requires that we maintain your personal information because it is, or forms part of, a Commonwealth record. We are also required to maintain records for certain other purposes, including where the National Archives of Australia issues a disposal freeze in response to prominent or controversial issues or events. More information on current disposal freezes is available from the National Archives of Australia website.

Personal information held by third parties

Under the Privacy Act we are required to take measures to ensure that when your  personal information is to be held by a third party, that the third party complies with the same privacy requirements applicable to the department.

We have privacy clauses in all of its legal documents, including funding contracts and deeds, services contracts and various other ad-hoc arrangements. This is to ensure third parties we deal with are required to handle personal information in accordance with the APPs.

Use and disclosure of your personal information

The purpose for collecting your personal information is important as it restricts how we can use and disclose your personal information, unless an exception in the Privacy Act applies.

Unless an exception applies, the corporation will:

  • only use or disclose your personal information for the primary purpose it was collected, and

  • notify you of this purpose at the time of collection, or as soon as practicable after collection.

We will only use or disclose your personal information for another purpose if you consent to that secondary purpose, or where you would reasonably expect us to use or disclose it for that secondary purpose (and the secondary purpose is related to the primary purpose). 

The Corporation may disclose your personal information to a third party if the disclosure is necessary to prevent or lessen a serious and imminent threat to the life, health or safety of you or another person and it is unreasonable or impracticable to obtain your consent.

The Corporation may disclose your personal information to overseas recipients only in accordance with the Privacy Act. Overseas recipients are likely to be located in numerous countries.

The Corporation will not otherwise disclose your personal information without your consent unless required or authorised by law.


Sensitive information 

If the Corporation holds any sensitive personal information about you, that information will only be used and disclosed by the Corporation if you have consented to such use and disclosure (your provision of that information will be taken to be consent), and will only be used and disclosed for the purpose that it was provided by you.

How to access and seek correction of personal information

Individuals have a right to request access to their personal information and to request its correction if it is inaccurate, out of date, incomplete, irrelevant or misleading. Requests for access to or correction of personal information should be directed to our privacy officer whose details are provided below.

We will take reasonable and practicable steps to provide you access and/or make a correction to your personal information within 30 calendar days, unless we consider there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes.

If we do not provide you access to your personal information, or refuse to correct your personal information, where reasonable we will:

  • provide you with a written notice including the reasons for the refusal

  • provide you with information regarding available complaint mechanisms, and

  • at your request, take reasonable steps to associate a statement with the personal information that you believe it to be inaccurate, out of date, incomplete, irrelevant or misleading.

Otherwise, if we correct your personal information, at your request, we will also take reasonable steps to notify other agencies or organisations (bound by the Privacy Act) of the correction; if we have previously disclosed your personal information to those agencies or organisations.

How to make a complaint

You can make a complaint if you believe we have breached the APPs or mishandled your personal information. Complaints should be directed to our privacy officer whose details are provided below.

Privacy breaches can be caused by a variety of factors, affect different types of personal information and give rise to a range of actual or potential harm to individuals, agencies and organisations. Consequently, there is no single way of responding to a privacy breach. Each breach will need to be dealt with on a case-by-case basis. All complaints and alleged privacy breaches will be investigated by the privacy officer and the complainant will be advised of the outcome.

For further information about privacy issues, see the Office of the Australian Information Commissioner's website at www.oaic.gov.au.

How to contact us

If you wish to make any comments or suggestions about the privacy policy, you can do so by contacting the privacy officer within the Corporation via:

Email: privacy@rirdc.gov.au

Phone: (02) 6271 4150

Mail: Privacy, Rural Industries Research and Development Corporation, PO Box 4776, Canberra ACT 2601.

Any comments and/or suggestions will be reviewed and considered by our privacy officer.