Skip to main content

Privacy

On this page

About this policy

This privacy policy applies to all employees, consultants, contractors, and volunteers of AIATSIS.

Purpose

The purpose of this privacy policy is to:

  • clearly communicate the personal information handling practices of the Australian Institute of Aboriginal and Torres Strait Islander Studies (AIATSIS).
  • enhance the transparency of our operations.
  • give individuals a better and more complete understanding of the sort of personal information that the we hold, and the way we handle that information.

Outline of this policy

Part A – Personal Information Handling Practices explains our general information handling practices across the agency including information about how we collect, use, disclose and store your personal information.  This is a summary-level description.

Part B – Types of Personal Information handled by AIATSIS' offers further detail by explaining our personal information handling practices in relation to specific AIATSIS functions or activities such as complaint handling and policy advice. Here you can find out what sort of records we keep and why. You may find this section helpful if, for example, you have made a request for access to the AIATSIS Collection or an application for research ethics approval, and want to know how your personal information will be used and managed.

Part C – Online explains our personal information handling practices when you visit our websites.

Part A – Our personal information handling practices

Our obligations under the Privacy Act

This privacy policy sets out how we comply with our obligations under the Privacy Act 1988 (Cth) (Privacy Act). As an Australian Government agency, we are bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how organisations and government agencies may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.

In this privacy policy, 'personal information' has the same meaning as defined by section 6 of the Privacy Act:

Information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

The Privacy Act also defines ‘sensitive information’, which includes (in summary):

information or an opinion about an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual orientation or practices; or criminal record; health information about an individual; or other genetic or biometric information.

Collection of personal information

We may collect personal information about you such as your name, contact details, gender, date of birth, etc. We may also collect sensitive information about you including whether you are of Aboriginal or Torres Strait Islander origin or, such as for particular research projects, health information. It is your choice whether to provide information to AIATSIS. You can choose not to identify yourself or use a pseudonym, unless it is unlawful or impractical.

It is our usual practice to collect personal information directly from the individual or their authorised representative.

Sometimes we collect personal information from a third party or a publicly available source, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way, or if it is necessary for a specific purpose such as the investigation of a privacy complaint.

In limited circumstances we may receive personal information about third parties from individuals who contact us and supply us with the personal information of others in the documents they provide to us.

We only collect personal information for purposes which are directly related to our functions or activities under the Privacy Act, Freedom of Information Act 1982 (Cth) (FOI Act) or the Australian Institute of Aboriginal and Torres Strait Islander Studies Act 1989 (Cth), and only when it is necessary for or directly related to such purposes. We also collect personal information related to employment services, human resource management, and other corporate service functions. These purposes are listed below, with links to where you can find more detail in Part B.

Public enquiries, awareness and events

  • When an individual contacts us asking for information or advice about our functions and activities.
  • When people ask to be on an email or mailing list so that we can send them information about its activities or publications.
  • When we record who we have had contact with in relation to media or other public relations events.
  • When an individual consents to their image or quote being used in communications materials.
  • When we conduct conferences, seminars or other events.

AIATSIS Collection

  • When people submit applications for access to or copies of material in the AIATSIS Collection, including documents and audio-visual material.
  • When people arrange to visit AIATSIS to undertake research or view material in the Collection.
  • When people submit reference queries or interlibrary loan requests.
  • When people offer material to AIATSIS, including materials received under Grant Agreement, Deed of Gift, Deposit, or through the Cultural Gifts Program.
  • When release forms are completed to accompany photographs, videos or audio recordings created by AIATSIS staff for inclusion in the Collection.

Research

  • When individuals seek ethics clearance through the AIATSIS Research Ethics Committee.
  • When people partner with or are funded by AIATSIS to undertake research.
  • When people participate in AIATSIS led- or funded- research projects, including through surveys.

Publications

  • When individuals submit proposals or manuscripts for publication.
  • When individuals enter author-publisher contracts.
  • When people purchase AIATSIS and Aboriginal Studies Press publications, including when they subscribe to the Aboriginal Studies Journal.

AIATSIS membership

  • When an individual submits an application for membership of AIATSIS.
  • To maintain and update details needed to administer their membership over time.

AIATSIS governance

  • When we provide secretariat support to the AIATSIS governing Council and other governance and advisory committees. 
  • When individuals are being considered for appointment to the AIATSIS Council or committees, whether by election, application or invitation.

Administrative activities

  • When we process freedom of information applications.
  • When we manage the personnel and corporate service functions of the AIATSIS, including security.

For more detailed information about these purposes and the information handling practices that apply to them, see Part B.

We also collect personal information (including contact details) as part of our normal communication processes directly related to those purposes, including:

  • When an individual emails staff members.
  • When an individual telephones us.
  • When an individual hands us their business card.

Use and disclosure

We only use personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities, and we do not give it to other government agencies, organisations or anyone else unless one of the following applies:

  • The individual has consented.
  • The individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies.
  • It is otherwise required or authorised by law.
  • It will prevent or lessen a serious and imminent threat to somebody's life or health.
  • It is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.

Data quality

We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.

Data security

We take steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification or disclosure. These steps include password protection for accessing our electronic IT system and other IT security measures such as firewalls, secure servers and encryption of credit card transactions, securing paper files containing sensitive personal information in locked cabinets and physical access restrictions (eg. building security)

When no longer required, personal information is destroyed in a secure manner, or deleted.

Access and correction

If an individual requests access to the personal information we hold about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act, FOI Act or other relevant law to withhold the information, or not make the changes.

If we do not agree to provide access to personal information or to amend or annotate the information we hold about them, the individual may seek a review of our decision or may appeal our decision under the FOI Act.

If we do not agree to make requested changes to personal information the individual may make a statement about the requested changes and we will attach this to the record.

Individuals can obtain further information about how to request access or changes to the information we hold about them by contacting us (see details below).

How to contact us

Contact us

P: +61 02 6246 1111

Assisted Contact

If you are deaf, or have a hearing or speech impairment, contact us through the National Relay Service:

  • TTY users phone 133 677 then ask for 02 6246 1111
  • Speak and Listen users phone 1300 555 727 then ask for 02 6246 1111
  • Internet relay users connect to the NRS then ask for 02 6246 1111

If you do not speak English, or English is your second language, and you need assistance to communicate with us, call the Translating and Interpreting Service on 131 450 then ask for 02 6246 1111.

Note: Apart from the local call cost these are free services for you.

Postal address

GPO Box 553
Canberra ACT 2601
Australia

P: 02 6261 4285
executivecoordination@aiatsis.gov.au

If you are not satisfied

If you are not satisfied with AIATSIS’ handling of a complaint or enquiry about your personal information or privacy, you can make a complaint to the Office of the Privacy Commissioner.

Part B – Types of personal information handled by AIATSIS

Enquiries, public awareness, communication materials and events

Purpose

We may collect personal information to respond to specific enquiries (which may be received by phone, e-mail, writing or in person) about AIATSIS’ functions and activities on a case-by-case basis.

We maintain contacts lists which include contact information about individuals who may have an interest in AIATSIS’ activities. We use these contacts lists to distribute information about our activities and publications.

When we host events, including meetings, seminars, and conferences, we may collect personal information about potential attendees and participants to issue invitations and to manage and support individuals’ attendance or participation.

When individuals or groups consent to allowing AIATSIS to use their image or quotes in communications material, we maintain copies of signed model release / consent forms as evidence of consent for the purposes identified. We also maintain this record in case we need to make contact with the individuals or groups again in relation to new or varied uses of their image / quote.

Collection

It is our usual practice to collect personal information in contacts lists directly from individuals, for example, where they have asked to be added to a contact list.

When organising events and conferences, we may use a third party to assist with organisation and communication.  In those cases we may provide personal information in contacts lists to that party for the exclusive purpose of organising that event on our behalf, and that party may collect personal information to compile contacts lists for that purpose.

We may also collect personal information when recording contact we have had with the media or public relations representatives in relation to AIATSIS’ events and activities.

Personal information for image/quote use consent is collected directly from individuals through paper-based forms or emails.

Sometimes we collect personal information from a third party or from a publicly available source such as a website or telephone directory. We usually only collect personal information in this way if the individual would reasonably expect us to, or has given their consent. For instance, we might collect this information if we thought that the individual (or the organisation they work for) would like to receive information about events or research we are carrying out, or that they might be likely to consider this information useful in the work they do.

Use and disclosure

Where we collect personal information to respond to enquiries, we will only use the information for that purpose, unless the individual indicates they would like to be included on a contact list or receive further information in the future.

We only use personal information in contacts lists for the purpose of managing public and stakeholder relations or events.

We do not give personal information about an individual to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

AIATSIS uses a number of online channels, including social networking services, to communicate with individuals and organisations with an interest in our research, collections, publications and other activities and events. The use of these services is governed by the online channel's Terms and Conditions and Privacy Policies. Users may be required to supply some personal information such as name and email address to use these channels to communicate with the AIATSIS . Using these services to communicate with us may make some personal information visible to the AIATSIS and third parties.

Data quality

We maintain and update personal information in our contacts lists when we are advised by individuals that their personal information has changed. We also regularly audit contacts lists to check the currency of the contact information. We will remove contact information of individuals who advise us that they no longer wish to be contacted. In accordance with the Spam Act 2003, all electronic messages contain an unsubscribe option and we will remove contact information of individuals who advise us that they no longer wish to be contacted.

Data security

The personal information in the contacts lists is stored in either password protected electronic media or in locked cabinets in paper form. When no longer required, personal information in contacts lists is destroyed in a secure manner or deleted in accordance with AIATSIS’ Information and Records Management Framework.

Routine access to contacts lists is limited to the database operators who have responsibility for maintaining the contacts lists. Other staff members have access to the personal information in contacts lists on a need to know basis.

Access and correction

For information about how to access or correct personal information please contact us.

AIATSIS Collection

AIATSIS holds an extensive collection of documentary and audio-visual material relating to Aboriginal and Torres Strait Islander peoples’ history and culture. This includes material in analogue and digital formats, and the associated metadata (data about the collection items). Material held in or accepted into AIATSIS’ collection is no longer defined as ‘personal information’ under the terms of the Privacy Act 1988 and the Archives Act 1983.  However, we collect and use personal information in the processes of building and managing the collection.

Purpose

We collect personal information to enable us to:

  • Acquire material for the Collection, through donation, deposit or purchase, identify and describe materials and then manage access to that material.
  • Provide access to material in the Collection – through provision of copies of material, visits by clients to AIATSIS’ premises, or visits by AIATSIS staff to other locations.
  • Respond to reference requests.

Collection

Personal information about individuals who approach AIATSIS about the donation, deposit or sale of material for the collection would be collected from the individual or their authorised representative. In some cases AIATSIS may source details about individuals, such as commercial dealers, from publicly available sources. Personal information may be contained in unsolicited material that is presented to AIATSIS for possible inclusion in the collection.

Personal information about people who are seeking information about or access to material in the AIATSIS Collection will likewise be collected from the individual making the enquiry, request for access or reference request.

Personal information about parties including community representatives who permission may be required to allow access to materials will be collected from the individual themselves, publicly available sources such as telephone directories and websites, or as a last resort from third parties.

Use and disclosure

Personal information will be only used for

  • Liaising with prospective or actual donors, depositors or sellers about the acquisition and management of material for the collection.
  • Seeking permission when required from depositors or communities for access to or use of collection materials.
  • Providing copies of collection materials to clients. 
  • Making arrangements for clients to visit the AIATSIS premises, or for AIATSIS’ staff to visit communities or events for the purpose of providing access to the collection.

Where the conditions of deposit for material in the AIATSIS Collection include a requirement for permission from the depositor or a community representative, contact details for the depositor or their authorised representative, or an appropriate community representative, may be provided to the party seeking access or use of that material.

Where AIATSIS receives unsolicited material, which may include personal information, for possible inclusion in the Collection and decides not to accept that material, it will be returned to the sender.  If the sender cannot be identified, that material will be stored and eventually destroyed if no sender comes forward.

Data quality

We maintain and update the personal information we hold as necessary or when we are advised by individuals that their personal information has changed.

Data security

The personal information collected is held in an electronic databases and files. Some personal information is also held in paper files.

The following staff members have access to the electronic databases and paper files on a need to know basis:

  • Chief Executive Officer and Deputy Chief Executive Officer
  • Executive Director, Collection Services 
  • Collection Development, Collection Management and Collection Access staff
  • Digital Services (ICT) staff

When no longer required, personal information in paper files is destroyed in a secure manner, or deleted.

Personal information stored in our electronic databases, when no longer required, is deleted in a secure manner. The databases maintain audit trails whenever personal information is accessed, included, amended or deleted on the database.

Access and correction

Please contact us

Research

Purpose

We collect personal information to support the following research activities:

  • Ethics clearance of research proposals through the AIATSIS Research Ethics Committee
  • Establishment of partnerships with research organisations or individual researchers, including the preparation of joint applications for funding from third parties
  • Providing funding to researchers
  • Undertaking research, including surveys.

Collection

We collect personal information relating to research activities directly from individual researchers or their agencies or organisations, from individual research or survey participants, or from publicly available sources such as websites or telephone directories.

Use and disclosure

Personal information collected for research purposes is not disclosed to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

Successful ethics approvals are published on the AIATSIS website, including the applicant name, project title and approval date.

Personal information relating to collaborative research proposals and partnerships may be disclosed to other partners, prospective partners and funding bodies as agreed by those parties.

Where AIATSIS provides research funding through grants, the intended use of personal information collected through the grant application process will be set out in the application documentation and funding agreement.

The collection of personal information from research participants is guided by the Australian Code for the Responsible Conduct of Research and the Guidelines for the Ethical Research in Australian Indigenous Studies (GERAIS).

Personal information will only be included in published research as agreed by participants through individual consent forms. 

Data quality

We maintain and update personal information in our research files as necessary or when we are advised by individuals that their personal information has changed.

Data security

Research project information is stored in either password protected electronic media or in paper files. When no longer required, personal information in research files is destroyed in a secure manner

The following staff members have access to policy files on a need to know basis:

  • Chief Executive Officer and Deputy Chief Executive Officer
  • Executive Director, Collection Services 
  • Collection Development, Collection Management and Collection Access staff
  • Digital Services (ICT) staff

Access and correction

For information about how to access or correct personal information held in relation to AIATSIS research, including research projects that have been approved by the AIATSIS Research Ethics Committee, please contact ethics@aiatsis.gov.au or telephone (02) 6246 1111.

You may choose to address your enquiry to the Research Ethics Committee, through the Chair, via e-mail or by mail at: GPO Box 553, Canberra, ACT 2601.  The Research Ethics Committee is independent and its members do not work at AIATSIS.

Publications

Purpose

We collect certain personal information from authors and purchasers to support the production and sale of AIATSIS (including Aboriginal Studies Press) publications.

Collection

We collect this information from the authors or their authorised representatives, and from the individual purchasers.

Use and disclosure

Author information is collected to enable correspondence with authors, promotional activities and the payment of royalties.  Personal information is only disclosed (eg. to media to set up interviews or to submit books to awards) with the permission of the author.

Purchaser details are supplied by the individual, including through using the AIATSIS online shop.  Please see Part C for more about information collected online by AIATSIS, including through AIATSIS online shop.

Data quality

We maintain and update personal information in our publication files as necessary or when we are advised by individuals that their personal information has changed.

Data security

Information is stored in AIATSIS electronic files and in the secure AIATSIS online shop and payments databases.

Access and correction

For information about how to access or correct personal information held in AIATSIS (including Aboriginal Studies Press) publication and contact files contact Aboriginal Studies Press on (02) 6246 1183 or asp@aiatsis.gov.au.

AIATSIS membership

The AIATSIS Act 1989 provides for membership of the Institute. Find out more about AIATSIS membership

Purpose

We collect personal information to enable us to:

  • Correspond with applicants for membership of AIATSIS
  • Assess applications for membership against the criteria set out in the AIATSIS Act 1989 and AIATSIS Rules
  • Administer the membership including distributing information, organising events involving members and arranging re-appointment as required.

The personal information held may include contact information, application form, curriculum vitae and other information provided in support of applications, and other information about areas of study, research and interest.

Collection

We collect personal information directly from applicants/members or their authorised representatives.

Use and disclosure

We only use the personal information we collect to carry out activities to assess applications for membership, administer the membership and provide information and support to members.

The personal information provided in membership applications will be disclosed to the AIATSIS Research Advisory Committee, and the staff that support it, and to the members of the AIATSIS Council.  This enables the Committee and Council to assess and make decisions about the membership applications.  We also use the personal information we hold to contact applicants and their nominated referees.

We use the personal information we hold about members to provide them with information about AIATSIS’ activities and events and other matters of interest.  All contact with applicants and members is made through the Executive Officer or other Executive Unit staff, except for in exceptional circumstances.

We will publish the names of AIATSIS members on the AIATSIS website, only with their explicit consent.

Data quality

We maintain and update the personal information we hold as necessary or when we are advised by individuals that their personal information has changed.

Data security

The personal information collected is held in an electronic database. Some personal information is also held in paper files.

The following staff members have access to the electronic databases and paper files on a need to know basis:

  • Principal and Deputy Principal
  • Executive Unit staff, including the Executive Officer and Director Executive and Director, Knowledge Management
  • IT staff
  • Records management staff.

When no longer required, personal information in paper files is destroyed, in a secure manner.

Personal information stored in our electronic databases, when no longer required, is deleted in a secure manner. The databases maintain audit trails whenever personal information is accessed, included, amended or deleted on the database.

Access and correction

For information about how to access or correct personal information held in membership files contact the Executive Officer at members@aiatsis.gov.au or phone 02 6261 4236.

AIATSIS Council and other governance and advisory committees

Purpose

We collect personal information to administer the involvement of the AIATSIS governing Council and Research Advisory Committee required under the AIATSIS Act 1989, and other advisory committees that are established to support AIATSIS’ performance of its functions and stakeholder participation.

This would usually include contact information, information required to arrange travel and accommodation for AIATSIS’ business, and biographical information for the purposes of public communication.

This information may be requested from or provided by an individual before they are appointed to the Council or a Committee as part of application, election or appointment processes.

Collection

We collect personal information directly from members of Council and the Committees.

We may also collect personal information about members from third parties when it is relevant.

Use and disclosure

Personal information about AIATSIS’ Council and other committee members is used by the relevant Secretariat and corporate services staff, and only disclosed with the permission of members.

We do not give personal information held in these files to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

Data quality

We maintain and update personal information about Council and Committee members when we are advised by members that their personal information has changed, or when we identify relevant information through public communication channels. We confirm information advised by third parties or public channels with the individual before changing our records.

Data security

Personal information about Council and Committee members that is not available in the public domain is kept in electronic and paper files accessible only by the following staff:

  • Chief Executive Officer and Deputy Chief Executive Officer
  • Director of the relevant business unit (eg. for the Council, this is the Executive Unit)
  • Secretariat staff for the Council or the relevant committee
  • Digital Services (ICT) staff

Access and correction

Access to and correction of personal information related to the Council or committees can be made via the relevant Secretariat or:
P: 02 6246 1111
executivecoordination@aiatsis.gov.au

Administration

Administration includes personnel and other corporate services such as security, and applications under the Freedom of Information Act.

Purpose

Personnel Records

The purpose of personnel records is to maintain current employee information for business and employment related purposes, or where authorised or required by law. The personal information in these files relates to the employee and may include:

  • Application(s) for employment including the employee's résumé(s), statement(s) addressing the criteria and referee reports
  • Written tasks undertaken by the employee during the selection process
  • Notes from the selection committee during the selection process
  • The employee's employment contract, and other records relating to their terms and conditions of employment
  • Details of financial and other personal interests supplied by some employees and their immediate family members for the purpose of managing perceived or potential conflicts of interest
  • Proof of Australian citizenship
  • Certified copies of academic qualifications
  • Records relating to the employee's salary, benefits and leave
  • Medical certificates or health related information supplied by an employee or their medical practitioner
  • Contact details
  • Taxation details
  • Superannuation contributions
  • Information relating to the employee's training and development
  • Copy of drivers’ license of staff who drive AIATSIS vehicles.

The purpose of keeping records on candidates for employment ("applicant files") is to allow us to assess the suitability of candidates for employment at the AIATSIS. Information that AIATSIS holds may include:

  • Application(s) for employment including the employee's cover letter(s), résumé(s), statement(s) addressing the criteria and referee reports
  • Written tasks undertaken by the employee during the selection process
  • Notes from the selection panel during the selection process
  • Contact details.

AIATSIS may also keep applicant files for future vacancies (eligibility lists) for up to 12 months.

Security

Personal information is collected to protect the security of AIATSIS personnel and assets at its premises at 51 Lawson Crescent and Limestone Cottage on Acton Peninsula.  This includes photographs of present and past staff, information from the register of visitors to AIATSIS’ premises and images of visitors to the premises.

Freedom of Information

When the AIATSIS receives a request for access to documents under the FOI Act, we create an electronic and a paper file, and list the application, including the name of the applicant, on our ‘FOI Register’, which is a spreadsheet used to track progress on FOI applications and record data (not personal information) we are required to report to the Office of the Australian Information Commissioner. We collect personal information from FOI applicants to enable us to process their application and to keep track of the information released to them under the FOI Act.

The personal information in these files relates to the FOI applicant, however, the files may also contain other personal information contained in the documents that are relevant to the FOI request.

Collection

Personnel records

AIATSIS generally collects personal information directly from employees and applicants but may also collect personal information from intermediaries such as recruitment agents and personnel providers.

AIATSIS may also collect personal information about employees and applicants from third parties when it is relevant to the selection process.

Security

AIATSIS collects personal information about visitors from the individual. Images are collected from closed circuit cameras located around the exterior and publicly accessible areas of the interior of the building, such as the reception desk.

Freedom of Information (FOI)

We collect personal information in FOI files directly from individuals who make an FOI request.

Use and disclosure

Personnel records

Personal information in personnel files is only used for the purpose of maintaining current employee data and information for business and employment related purposes.

We only use personal information in applicant files for the purpose of assessing and processing applications for employment.

We do not give personal information held in these files to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

The circumstances in which personal information may be disclosed to another agency, with the knowledge of the individual concerned wherever possible, would include during the transfer of a staff member from or to another agency and to the provider of our payroll service.

Security

Employee photographs are retained in a database, during and after the individual’s employment with AIATSIS.  They are used on staff security passes for the duration of the individuals’ employment.

Information from the visitors’ register and security cameras are used only in the event of a security incident or an emergency.  In those circumstances, they may be disclosed to police or emergency services.  The visitors register is kept as a paper record and then destroyed after one year  Closed circuit camera footage is retained for a period of some months and then, if not required due to a security incident, written over.

Freedom of Information

We only use the personal information in FOI files for the purpose of assessing and processing the FOI application.

We do not give personal information held in FOI files to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

Data quality

AIATSIS maintains and updates personal information in our personnel, applicant and Freedom of Information files as necessary, or when we are advised by individuals that their personal information has changed.

Data security

Personnel files

AIATSIS will take all reasonable steps to ensure that all personnel or application files in its possession or control are protected against loss, unauthorised access, misuse, disclosure or modification and that only authorised employees have access to such material.

Personnel files are stored in locked cabinets in paper form. Previous employee files are scanned, archived in boxes and stored in a locked compactus. Scanned files are held on a restricted drive only accessible by human resources staff. Personal information relating to payroll is stored in a locked compactus, and in secure lockers.

Applicant files are filed and stored on password protected electronic media which are stored on a USB and locked in cabinets. These applicant files are stored for 7 years and then destroyed in a secure manner or deleted in accordance with the Administrative Functions Disposal Authority (AFDA). The paper records of these files are destroyed after 12 months. Any duplicate copies of applications used as part of the selection process are disposed of securely at the end of the process.

The following staff members have access to personnel and applicant files on a need to know basis:

  • CEO and Deputy CEO
  • Directors
  • Staff sitting on the selection committee
  • Human Resources manager
  • Human Resources staff

Security

Footage from security cameras is accessible only by

  • CEO and Deputy CEO
  • Director, Corporate Services
  • Facilities and security staff

Freedom of Information

FOI files are stored in the Executive unit or the Corporate Services Registry. When no longer required, personal information in FOI files is destroyed in a secure manner.

The following staff members have access to FOI files on a need to know basis:

  • CEO and Deputy CEO
  • Director – People, Facilities and Security
  • Other staff involved in responding to an FOI application
  • Records management and IT staff

Access and correction

For information about how to access or correct personal information in administrative files, please see: Correction of personal information, chapter 13 of the Australian Privacy Principles guidelines.

Part C – Information collected online by AIATSIS

Collection

It is our usual practice to collect information about all visitors to our online resources. That information is very limited and only used to identify generic behavioural patterns.

Sometimes we use third party platforms to deliver information. These are sites hosted and managed by organisations other than ourselves. Before deciding if you want to contribute to any third party site you should read their privacy policy.

AIATSIS uses both internally built survey software and third-party vendors for the collection, aggregation and analysis of some survey data; they include, but may not be limited to SurveyMonkey.

 

The information you provide when using SurveyMonkey is transferred and stored in SurveyMonkey's secure data warehouse. The information collected in these surveys is transmitted and stored securely in the United States and is accessed by AIATSIS in accordance with SurveyMonkey privacy policy.

 

The information you provide when using internally built survey software is stored securely in Australia and accessed by AIATSIS in accordance with our privacy policy.

There are several methods and packages that we use to collect visitor behaviours on each of our online platforms. We use Google Analytics on our websites. Information and data collected through Google Analytics is stored by Google on servers in the United States of America, Belgium and Finland. You can opt out of the collection of information via Google Analytics by downloading the Google analytics opt-out browser add on.

When you visit any of our online resources, our metric tools may collect the following information about your visit for statistical purposes:

  • server address
  • top level domain name (for example .com, .gov, .au, .uk etc.)
  • date and time of your visit to the site
  • pages you accessed and documents downloaded during your visit
  • previous site you visited
  • if you've visited our site before
  • type of browser used.

We record this data to maintain our server and improve our services. We do not use this information to personally identify anyone.

Cookies

Most of our online platforms use sessions and cookies. A cookie is a short piece of data which is sent from a web server to a web browser on the user's machine when the browser visits the server's website and is stored on the user's machine. The core functionality on these platforms will be largely unaffected if you disable cookies in your browser but you may be unable to access some advanced functions.

Our cookies do not collect personal information. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

We use Survey Monkey (a third party software supplier) to administer online surveys. Survey Monkey use third party cookies. The information collected by these cookies is not capable of identifying you and is only used to ensure our surveys run smoothly. We will only use the information collected from the surveys for statistical and maintenance purposes, unless you have given permission to use your responses in another manner.

Use and disclosure

We do not give personal information collected online to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

Data quality

We will delete or correct any personal information that we hold about you on request.

If you are on one of our automated email lists, you may opt out of further contact from us by clicking the 'unsubscribe' link at the bottom of the email or contacting us directly.

Data security

There are inherent risks in transmitting information across the internet and we do not have the ability to control the security of information collected and stored on third party platforms.

We will take all reasonable steps to protect the personal information in order to prevent misuse, loss, or unauthorised access, including by means of firewalls, password access, secure servers and encryption of credit card transactions.

Access and correction

For information about how to access or correct personal information collected on our website, please see: Correction of personal information, chapter 13 of the Australian Privacy Principles guidelines.

Further reading

PIA assessment disclosure

The Privacy (Australian Government Agencies – Governance) APP Code 2017 (Privacy Code) requires the Agency to undertake privacy impact assessments (PIAs) in certain instances and to maintain and publish a register of those PIAs from 1 July 2018.

PIA Title Project Name Date of PIA
no data    

PIA assessment disclosure last updated: 10 February 2023.

Last updated: 16 November 2023