This privacy statement applies to personal information that we collect.
We are bound by, and champion, the provisions of the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles. These principles set out standards, rights and obligations for how to handle and maintain people's personal information. This includes how personal information is:
- quality assured
It also includes an individual's right to access or correct their own personal information.
How we handle personal information
Collecting personal information
We may collect personal information directly from you, your representative or a third party. While information is usually collected directly from you or another individual, in certain circumstances we may also obtain your personal information from other Australian state and territory government bodies, or other organisations.
We collect personal information in a variety of ways. These include:
- correspondence and submissions
- paper-based forms
- online (web-based forms and email)
- phone calls
We only collect personal information where that information is reasonably necessary for, or directly related to, administering the voluntary honour roll. Generally, we will only collect sensitive personal information (such as information on Aboriginal or Torres Strait islander background) if you have consented and it is reasonably necessary for, or directly related to, this activity.
Sometimes we may collect sensitive personal information without your consent, such as when it is required or authorised by law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Australian Government's executive authority. We will not collect any personal information if we do not need it.
Types of personal information that we hold
The personal information we collect and hold varies depending on what we need to perform our functions and responsibilities. It may include:
- your name, address and contact details (for example your phone number or email address)
- information about you or others recorded on an official document certifying death (for example next-of-kin information on a death certificate).
We may also collect or hold sensitive information. This could include information about:
- your racial or ethnic origin
Use and disclosure of personal information
We will not provide your personal information to other government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:
- you would reasonably expect us to use the information for that other purpose
- it is legally required or authorised, such as by an Australian law, or court or tribunal order. This includes express statutory provisions, as well as the more general application of the common law and the exercise of the Australian Government's executive authority
- it is reasonably necessary for an enforcement-related activity
- we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter
- we reasonably believe that it is necessary to help locate a person who has been reported as missing
- it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
- it is reasonably necessary for the purposes of a confidential alternative dispute resolution process
- we reasonably believe that it is necessary for our diplomatic or consular functions or activities.
The third parties that we may disclose your personal information to or who may collect personal information on our behalf, include but are not limited to:
- suppliers and other third parties with whom we have commercial relationships (for example, for research and programs directly related to our functions)
- any organisations for any authorised purpose that directly relates to one of our functions, with your express consent.
We will ensure that appropriate protections of your personal information are in place with these third parties, as per our obligations under the Privacy Act. This includes ensuring that research we commission involves the collection of de-identified (anonymised) data.
We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.
Consistent with the requirements of the Privacy Act, we take reasonable steps to ensure that the personal information we hold is safe and secure.
This includes protecting your personal information from:
- unauthorised access
- other types of misuse.
We safeguard our IT systems against unauthorised access, and ensure that paper based files are physically secured. We also ensure that personal information within our systems is only accessible to staff who need to have access in order to do their work.
If a data breach occurs, for example if personal information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with guidance provided by the Office of the Australian Information Commissioner: Data breach notification—A guide to handling personal information security breaches. We will aim to provide you with timely advice to ensure you are able to manage any loss—financial or otherwise—that could result from the breach.
When the personal information we collect is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order.
Data Breach Response Plan
Our Data Breach Response Plan sets out procedures and clear lines of authority for our staff if there is a data breach (or we suspect a data breach has occurred).
Download a copy of our data breach response plan.
This response plan enables us to contain, assess and respond to data breaches quickly, to help mitigate potential harm to affected individuals and to comply with the notifiable data breaches scheme that commenced on 22 February 2018.
Access and correct your personal information
You have a right to access personal information that we hold about you. You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
When we can refuse a request for access or correction
We can decline access to, or correction of, personal information in certain circumstances, as set out in the Privacy Act.
Generally, if we refuse to give you access, we will notify you in writing, including the reasons for refusal and the mechanisms available to you to dispute that decision.
Proof of identity
Your application to access or correct documents that contain your personal information must include evidence of your identity.
If you are seeking documents containing personal information on behalf of someone else, you must provide evidence of both your identities. You must also provide evidence that you have their consent to represent them.
Proof of identity must clearly show that you are the person whose personal information is being requested or corrected. This will include a physical address, as documents containing personal information may be sent to you by registered post rather than by email.
Forms of ID
Acceptable identity documents include:
- a passport
- a driver's licence issued by an Australian state or territory
- any other official identification in the English language that contains your photo, signature and address.
You can send us a photocopy of these documents or email us a scanned copy. Identification documents must be certified as a true copy of the original by a person having the power to witness a Commonwealth statutory declaration.
Find out more about statutory declarations.
Access your personal information under the FOI Act
You can also access and correct your personal information that is contained in documents we hold under the Freedom of Information Act 1982. In some circumstances we will suggest that you make your request for personal information under the FOI Act. This is because:
- An FOI access request can relate to any document in our possession and is not limited to your personal information.
- The FOI Act contains a consultation process for dealing with requests for documents that contain your personal information, as well as the personal or business information about another person.
- You can seek review of our decision by the Information Commissioner under the FOI Act if you are unhappy with it.
- If we refuse to give you access under the FOI Act, you have a right to apply for internal review or Information Commissioner review of that decision.
We will not charge you to access your personal information under the Privacy Act. However, there may be a charge involved for us to process a request under the FOI Act, if your request for access to documents goes beyond a request for your own personal information.
When you visit our website
Protecting your privacy online
We are committed to protecting privacy online in accordance with the Office of the Australian Information Commissioner's Guide to securing personal information.
While every effort is made to secure information transmitted to this site over the internet, there is a possibility that this information could be accessed by a third party while in transit.
When you visit any of our online websites or portals, our server logs the following information:
- the type of browser and operating system you are using
- your top level domain name, such as .com, .gov, .au, .uk
- the address of the referring site, such as the previous site that you visited
- your server's IP address, a number which is unique to the machine through which you are connected to the internet—usually one of your service provider's machines
- the date and time of your visit
- the address of the pages accessed and the documents downloaded.
We only use this information for statistical analysis and systems administration purposes. We make no attempt to identify users or their browsing activities. The exception is where a law enforcement agency is undertaking an investigation and has legal authority to identify users and/or their browsing activities.
A cookie is an electronic token that is passed to your browser which passes it back to the server whenever a page is sent to you.
Our server generates one cookie. It is used to keep track of the pages you have accessed while using our server. The cookie allows you to navigate back and forth from the website and return to pages you have already visited. The cookie exists only for the time you are accessing our server.
Information collected by third party software vendors
In addition to web server logs, this website uses several online tools, provided by third party software vendors, to measure website interaction and use. These tools help us make our site better by understanding the user experience and how users are interacting with our website content.
Third party software vendors we use include:
- Google analytics
- Google APIs (such as search console and reCAPTCHA)
For information on how these vendors handle your personal information, review their privacy policies.
Interaction between this site and other sites
This site contains links to other sites. These other sites may use web measurement tools, customisation technologies, and persistent cookies to inform the service they provide to their users.
We are not responsible for the privacy practices or the content of other sites.
We do not use, maintain or share personally identifiable information made available through social media sites including Facebook and YouTube. You should consult the privacy policies of other sites for information about their policies and practices.
Contact our privacy officers to:
- ask about our compliance with the Australian Privacy Principles
- access or correct the personal information we hold about you
- make a complaint about the way we have handled your personal information.
3–5 National Circuit
BARTON ACT 2600
We take all complaints seriously and are committed to a quick and fair resolution. We will respond to your request or complaint promptly if you provide your contact details.
You can also complain to the Office of the Australian Information Commissioner. If you do so, they may recommend that you try to resolve your complaint directly with us in the first instance.
Contact them on 1300 363 992 or via the Office of the Australian Information Commissioner. Their website also contains more information about making privacy complaints.