We collect and hold a broad range of personal information in records relating to:
individuals participating in programs and initiatives that we fund
the management of contracts and funding agreements
individuals on our committees or participating in a meeting or consultation with us
correspondence from members of the public or organisations to us
complaints (including complaints relating to privacy) and feedback provided to us
requests made to us under the Freedom of Information Act 1982
requests for access to information we hold about you or other information about the Corporation’s operations
the performance of our legislative and administrative functions
employment and personnel matters for our staff and contractors.
How the corporation Corporation collects your personal information
We generally collect personal information from you when you communicate with us. We collect personal information through a variety of means including through using forms (either electronic or hard copy), online portals, other electronic or paper correspondence (including emails and written correspondence) and at times verbal conversations or interviews.
In many cases, when we collect your personal information, we will issue you with a privacy notice explaining the purpose of the collection, the intended use of the personal information and to whom we may disclose it.
When we collect personal information about you, in the majority of cases, this will be information provided directly from you for the particular function or activity we are carrying out.
Other entities that may collect your personal information on behalf of the corporation
As well as collecting personal information directly from you, we may also collect your personal information through other individuals or organisations acting our behalf, including those such as contracted service providers. If this occurs, such collection will be in accordance with the APPs.
Unsolicited personal information
On occasion, unsolicited personal information is provided to the Corporation by individuals (or other entities) without it being requested. In such circumstances we will determine whether or not we could have collected the personal information via our regular methods and if so we may use and handle the personal information as if we had collected it. If we determine that the personal information could not have been collected by us via our regular methods and the information is not contained in a Commonwealth record, we will destroy or de-identify the information provided it is lawful and reasonable to do so.
Information collected through our website and online services
A variety of information is collected by using our website and online services. Some of this may be personal information, which is summarised in the table below:
| || |
Emails and electronic forms
| || |
Our servers may record your email address if you send us a message online. Your email address will not be added to a mailing list unless you have provided it to the Corporation in order to subscribe to one of our subscription services.
Where you choose to send us a completed electronic form that includes your personal details, the Corporation collects personal information such as name, address and email address. The information collected by email or electronic forms will be used only for the purpose for which you provided it, unless an exception applies.
For those who do not wish to use the internet to transmit information, we provide alternative ways of providing information. For example, forms may be printed (or obtained in hard copy) and lodged by post.
| || |
We make a record of your visit to the website and log the following information for statistical purposes: the user's Internet Protocol (IP) address, the date and time of the visit to the site, the web pages accessed and documents downloaded, the previous site visited, and the user's web browser and operating system.
| || |
In addition to web server logs, our website also uses Google Analytics, a web analytics service provided by Google Incorporated (Google). Reports obtained from Google Analytics are used to help improve the Corporation’s website. Google Analytics uses 'cookies' to help analyse how users use the site.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States of America. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
Storing and securing personal information
We will take all reasonable steps to protect your personal information from loss, unauthorised access, use, modification or disclosure, and against other misuse. Among other things, we take reasonable steps to safeguard our IT systems against unauthorised access, and ensure that paper-based files are secured. We also ensure that access to your personal information within our systems is only available to our staff that needs such access in order to do their work.
When the personal information that we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.
This situation might arise where the Archives Act 1983 requires that we maintain your personal information because it is, or forms part of, a Commonwealth record. We are also required to maintain records for certain other purposes, including where the National Archives of Australia issues a disposal freeze in response to prominent or controversial issues or events. More information on current disposal freezes is available from the National Archives of Australia website.
Personal information held by third parties
Under the Privacy Act we are required to take measures to ensure that when your personal information is to be held by a third party, that the third party complies with the same privacy requirements applicable to the department.
We have privacy clauses in all of its legal documents, including funding contracts and deeds, services contracts and various other ad-hoc arrangements. This is to ensure third parties we deal with are required to handle personal information in accordance with the APPs.
Use and disclosure of your personal information
The purpose for collecting your personal information is important as it restricts how we can use and disclose your personal information, unless an exception in the Privacy Act applies.
Unless an exception applies, the corporation will:
only use or disclose your personal information for the primary purpose it was collected, and
notify you of this purpose at the time of collection, or as soon as practicable after collection.
We will only use or disclose your personal information for another purpose if you consent to that secondary purpose, or where you would reasonably expect us to use or disclose it for that secondary purpose (and the secondary purpose is related to the primary purpose).
The Corporation may disclose your personal information to a third party if the disclosure is necessary to prevent or lessen a serious and imminent threat to the life, health or safety of you or another person and it is unreasonable or impracticable to obtain your consent.
The Corporation may disclose your personal information to overseas recipients only in accordance with the Privacy Act. Overseas recipients are likely to be located in numerous countries.
The Corporation will not otherwise disclose your personal information without your consent unless required or authorised by law.
If the Corporation holds any sensitive personal information about you, that information will only be used and disclosed by the Corporation if you have consented to such use and disclosure (your provision of that information will be taken to be consent), and will only be used and disclosed for the purpose that it was provided by you.
How to access and seek correction of personal information
Individuals have a right to request access to their personal information and to request its correction if it is inaccurate, out of date, incomplete, irrelevant or misleading. Requests for access to or correction of personal information should be directed to our privacy officer whose details are provided below.
We will take reasonable and practicable steps to provide you access and/or make a correction to your personal information within 30 calendar days, unless we consider there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes.
If we do not provide you access to your personal information, or refuse to correct your personal information, where reasonable we will:
provide you with a written notice including the reasons for the refusal
provide you with information regarding available complaint mechanisms, and
at your request, take reasonable steps to associate a statement with the personal information that you believe it to be inaccurate, out of date, incomplete, irrelevant or misleading.
Otherwise, if we correct your personal information, at your request, we will also take reasonable steps to notify other agencies or organisations (bound by the Privacy Act) of the correction; if we have previously disclosed your personal information to those agencies or organisations.
How to make a complaint
You can make a complaint if you believe we have breached the APPs or mishandled your personal information. Complaints should be directed to our privacy officer whose details are provided below.
Privacy breaches can be caused by a variety of factors, affect different types of personal information and give rise to a range of actual or potential harm to individuals, agencies and organisations. Consequently, there is no single way of responding to a privacy breach. Each breach will need to be dealt with on a case-by-case basis. All complaints and alleged privacy breaches will be investigated by the privacy officer and the complainant will be advised of the outcome.
For further information about privacy issues, see the Office of the Australian Information Commissioner's website at www.oaic.gov.au.
How to contact us
Phone: (02) 6271 4150
Mail: Privacy, Rural Industries Research and Development Corporation, PO Box 4776, Canberra ACT 2601.
Any comments and/or suggestions will be reviewed and considered by our privacy officer.