Geoscience Australia privacy policy
Last updated:17 April 2024
Summary
- We collect some personal information to provide you with better service.
- This is shared with third parties in limited circumstances.
- We will never sell or use your personal information for commercial purposes.
Introduction
As an Australian Government entity, Geoscience Australia (we, our, us) is bound by the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs). These regulate how:
- we collect, use, store and disclose personal information, including sensitive information
- individuals may access and correct records containing their personal information.
We define “personal information” the same way as the Privacy Act. Generally, it is any information that can be used to identify you, whether or not the information is true.
We respect your right to privacy under the Privacy Act and comply with Privacy Act requirements about how we collect and manage your personal information.
This document is our privacy policy and it tells you generally:
- what types of personal information we collect
- how we collect, use, store and disclose personal information
- the way in which you can access and correct your personal information
- how you can make an inquiry or complaint.
When we collect information from you in a manner that is consistent with this policy, we may provide a link to this privacy policy to inform you about our collection and use of your personal information. In circumstances where we are collecting other types of personal information, or using personal information in specific ways outside of this policy, you will generally be provided with a collection notice about the specific types of personal information we are collecting at that time, why we are collecting your personal information, how we will use, store and disclose your personal information, and how you can access and correct your personal information.
What personal information we collect and why we collect it
We collect personal information so we can use it in performing our functions and activities. Where the collection is not for one of the follow common reasons or the reason for collection is not implicit in the request, we should tell you the specific reason why we need to collect your information at the time we collect it. Our most common reasons are:
- managing our employees, contractors and visitors
- conducting our scientific operations
- providing products and services to members of the public
- responding to queries, requests and complaints
- distributing information including through mailing lists and other logins or managing those distribution channels
- complying with Australian laws, regulations and court orders.
Most of the scientific data we collect is not personal in nature, but we do perform a small social science function that collects personal information in line with the Privacy Act and strict academic ethics guidelines.
We do not administer any legislation that requires us to collect personal information, but we may collect your personal information to comply with other legislation.
The following points give a general overview of the types of information we might collect from you. Where we collect information that is not listed below, we should tell you the types of information we will be collecting at the time we collect it.
If you are an employee, we will collect information about your:
- identity
- contact details
- health
- pay and entitlements
- tax file number
- next of kin
- qualifications
- employment history
- likeness including a security pass photograph or security camera footage
- background, including criminal history.
If you are a contractor, associate or visitor to our office, we may collect information about your:
- identity
- contact details
- qualifications
- employment history
- likeness including a security photograph or security camera footage
- background, including criminal history.
If you sign up to a mailing list, we will collect your:
- name
- contact details
- other information that might be relevant to the mailing list, such as which industry you work in.
If you are purchasing products from us, we will collect your:
- name
- contact and delivery details
- order details
- credit card information (if you order over the phone).
If you are visiting our website or a web service we may collect information about your interaction using cookies and clickstream data.
If you interact with us on social media, we may collect the information that is publicly visible on your account.
If you are a stakeholder we are working with, we may collect:
- your name
- your contact details
- other information relevant to our work together.
We understand that from time to time you may not want to provide this information to us; you may withhold providing your personal information. However, doing so may mean that we are not able to provide you with the products and services you require, or a high level of service. If it will be impracticable for us to deal with you anonymously or using a pseudonym, we will normally ask you to identify yourself so we can carry out our functions and activities.
Sensitive personal information
We collect limited amounts of sensitive personal information.
If you are an employee, prospective employee, contractor or require unescorted access to our facility we will collect information about your criminal history through a police records check. Sensitive personal information may also be derived from security camera footage. Access to this information is strictly controlled and is only used in assessing your suitability for employment or access.
If you are performing field work for us we will collect health information and share this, such as with the team leader or contact officer to ensure that any illness or injury that occurs during field work can be appropriately managed.
Email mailing lists
We use Swift Digital, an online marketing platform service provider to send and manage emails. In using this service, Swift Digital collects personal information that may contain email addresses and other information to be used for the distribution of email campaigns and other information.
All information collected using the Swift Digital service remains our property and is never shared or used by third parties.
Swift Digital maintains your data in compliance with the Spam Act 2003 and the APPs.
All data held by Swift Digital is maintained within Australia and never leaves Australian jurisdiction. Where stipulated data is encrypted in transit using SSL connections. All data stored via Swift Digital is encrypted at rest.
Should you wish to contact Swift Digital, you can find contact details on their website.
How we collect your personal information
Most of the time we will collect your personal information directly from you, either in writing, over the phone or through an online form or system.
Sometimes, we may also collect your personal information from third parties including, but not limited to:
- other government entities
- our service providers
- law enforcement agencies.
We will only collect your personal information from a third party or a private source if:
- you consent; or
- we are required or authorised to collect the information under an Australian law or a court/tribunal order; or
- it is not reasonable or practicable for us to collect the information directly from you.
In rare circumstances, we may receive personal information we did not request. If this happens, we will handle the information in accordance with the Privacy Act.
Why we disclose your personal information
We will only disclose your personal information in accordance with the Privacy Act. This includes disclosing your personal information for the purposes it was collected, or for a secondary purpose, if an exception applies.
The general reasons that we disclose personal information are explained below. Where we may disclose outside those general reasons, we may provide a collection notice which provides specific details about to whom we may disclose your personal information and the reasons for doing so.
We generally disclose personal information to third parties to:
- facilitate a service on our behalf, such as
- ICT and cloud computing services delivering a good or service to you
- processing information, such as financial information managing our human resources
- marketing and research
- facilitate a service on your behalf, such as financial services
- comply with an Australian law, regulation or court order
- provide information to other government entities where required during our normal operations, such as to our portfolio Department of State (the Department of Industry, Science and Resources), the Parliament or the Australian National Audit Office.
Some of the third parties we disclose personal information to may be located overseas. As required by the Privacy Act, we take reasonable steps to ensure that overseas recipients of your personal information do not breach their or our privacy obligations.
We will not share or disclose your personal information without your consent other than as described in this privacy policy, a specific collection notice, or allowed by law.
Privacy Impact Assessments
A privacy impact assessment is a systematic assessment of a project that identifies the impact the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.
Privacy Impact Assessments Register
In accordance with s. 15(1) of the Privacy (Australian Government Agencies – Governance) APP Code 2017, we are required to maintain a register of all Privacy Impact Assessments completed.
This register was last updated on 16 November 2022.
Reference Number | Project Name | Project Description | Date PIA Approved |
---|---|---|---|
D2019-80163 | SSL Inspection implementation | SSL inspections will be implemented to help mitigate the risk of cyber attacks | 27/8/2019 |
D2019-85435 | Airborne geographical acquisition | Capture new baseline geoscientific datasets to provide further information on the geological context and setting for mineral and groundwater systems (see D2021-59183 ‘Airborne geophysics programs’ for an updated assessment) | 28/8/2019 |
D2020-136446 | Newcastle felt report transcription project | Produce de-identified and transcribed felt report data from the 1989 Newcastle earthquake for use in earthquake impact research | 20/11/2020 |
D2020-136447 | Analysis of portal usage statistics – AusSeabed persona | Analyse information about downloads from the Geoscience Australia Portal to produce statistics and reports on portal usage | 23/11/2020 |
D2020-142576 | Southern Positioning Augmentation Network (SouthPAN) | SouthPAN will deliver enhanced positioning, navigation and timing satellite services | 18/12/2020 |
D2021-6018 | Industry Engagement on the Adoption of Precise Positioning Information | A survey of the Australian positioning community to research user requirements and use cases | 1/2/2021 |
D2021-15730 | Cyber Security Awareness Training Platform | Delivery of cyber security awareness training and phishing simulations using a training platform | 16/3/2021 |
D2021-30861 | Interim Service Management Tool | Transition to a new service management tool for incident, request, change and problem management (see D2022-21518 for an updated assessment) | 20/5/2021 |
D2021-43733 | Scientific Capability and Capacity Deep Dive | A survey of staff capabilities and capacities to help determine how the entity is placed to achieve its strategic targets | 2/7/2021 |
D2021-59183 | Airborne geophysics programs | Temporary capture of video footage for airborne geophysics surveys to aid in resolving claims of disturbance to landholder operations | 28/9/2021 |
D2021-61135 | Employee Assistance Program portal | Access to the LifeWorks platform, a new and improved Employee Assistance Program portal for all staff to access | 8/10/2021 |
D2022-2264 | Guide to COVID-19 Vaccinations | Considers the possible impacts on individuals’ privacy through the handling of information about their COVID-19 vaccination status | 14/12/2021 |
D2022-21518 | Enterprise Service Management Tool | Enhancements to the interim service management tool (see D2021-30861) to support a broader range of service requests and asset management functions | 19/4/2022 |
D2022-46792 | Colouring Competition | Considers collection of personal information for a small scale colouring competition at a pop-up stall during National Science Week | 12/8/2022 |
D2022-67909 | Electronic Access Control System (EACS) and Closed-Circuit Television (CCTV) Upgrade – Symonston and Alice Springs sites | Replacing and upgrading the EACS and CCTV systems at GA’s Symonston and Alice Springs sites. | 20/5/2022 |
Security
We maintain your personal information in a secure environment. We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification and disclosure. We destroy or de-identify personal information when we no longer need it, in accordance with the requirements of the Archives Act 1983.
However, as our website is linked to the Internet, we cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Any personal information or other information that you send to us is transmitted at your own risk.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices. We encourage you to examine each website’s privacy policy.
If you have a concern in this regard, we might be able to obtain and provide information another way, such as mail, telephone or facsimile.
How you can access and correct your personal information
You may request access to any personal information we hold about you at any time by either directly contacting the team responsible for the information (if you know who they are) or by contacting us, using the contact information below.
Where we hold information that you are entitled to access, we will provide it to you by a suitable means (e.g. by mailing or emailing it to you). We will not charge you for providing the information.
If you believe that personal information we hold about you is incorrect or incomplete, you may request to have it amended. We will consider whether the information requires amendment. If so, we will do so without charging you. In the unlikely event that we do not agree that there are grounds for amendment, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you may seek review if you do not agree with our decision. Before correcting personal information we may require verification of your identity.
There may be rare instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if required or authorised to refuse access under Commonwealth legislation. If that happens, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you can complain about our refusal if you wish to do so.
How to contact us about a complaint or possible breach of privacy
If you would like to make a complaint or believe there has been a breach regarding your personal information we hold, please contact us using the contact information below and provide details of the incident so that we can investigate it.
When we receive a complaint or notification of a possible breach, we will conduct internal inquiries. We will deal with your complaint as quickly as possible and will keep you informed of its progress. Once we have completed our internal inquiries, we will advise you of the outcome in writing.
If the breach is an ‘eligible data breach’ under the Notifiable Data Breaches scheme, we will also notify the Australian Information Commissioner.
If you are not happy with the response we provide, you can make a complaint to the Office of the Australian Information Commissioner (OAIC). Information on how to make a complaint can be found on the OAIC website.
Contacting us
If you have any other questions about this privacy policy, please use the Contact link on our website or contact our Privacy Officer via the details set out below.
Requests and complaints will be treated confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner. Please contact our Privacy Officer at:
Privacy Officer
Geoscience Australia
GPO Box 378
Canberra ACT 2601
Email: legalservices@ga.gov.au
Changes to our privacy policy
We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website.
This privacy policy was last updated on 16 April 2024.