About this Policy

This Privacy Policy (policy) is intended to provide an overview of how the Asbestos and Silica Safety and Eradication Agency (the agency) handles personal information in compliance with our obligations under the Privacy Act 1988 (Privacy Act) and in particular the provisions of the Australian Privacy Principles (APPs) contained within that Act.

The APPs regulate how the agency collects, holds, uses and discloses your personal information and how you access and correct the personal information that we hold about you. The APPs only apply to information about individuals, not information about corporate entities. Further information about the Privacy Act and the APPs is available on the Office of the Australian Information Commissioner’s website.

The agency is committed to protecting the privacy of ‘personal information’ collected by the agency and its contractors and agents (collectively, the agency), which at times includes "sensitive information". The agency only collects, holds, uses and discloses personal information for a lawful purpose that is reasonably necessary for, or directly related to, one or more of its functions under the Asbestos and Silica Safety and Eradication Agency Act 2013 and the objects of that Act.

The object of the Act is to establish the Asbestos and Silica Safety and Eradication Agency to lead coordinated and national action to eliminate asbestos‑related diseases and silica‑related diseases in Australia.

The agency uses personal information for the purpose(s) for which it was given (unless otherwise required by or authorised by law). The agency may also use personal information as consented by the individual or for related purposes where the individual would reasonably expect the agency to use or disclose the information.


Information the agency collects and how it uses it

Collecting personal information

‘Personal information’ means information (or an opinion) in any form, whether true or not, about an identified individual, or an individual who is reasonably identifiable.

Names and contact details

The agency collects names, emails and other contact details as part of such core activities as:

  • general enquiries and correspondence (including email)
  • processing applications to import and export asbestos under the relevant regulations (at times this will involve contact details for individuals rather than just the corporate entity)
  • public comment processes and events relating to the implementation of the National Strategic Plan (including asbestos awareness campaigns), and
  • maintaining the National Asbestos Exposure Register (the Register).

The agency collects only the minimal amount of personal information necessary to perform these functions. Where practicable users can remain anonymous or use a pseudonym.


The agency collects names, contact details and more detailed personal information as part of its recruitment processes. More detailed information includes employment and career history, dates of birth and in some cases criminal history checks. Personal information collected as part of recruitment processes is used for the agency’s recruitment processes and kept for an appropriate period, depending on the outcomes of the processes for the individuals concerned.


Collecting sensitive information

‘Sensitive information’ means personal information about you that is of a sensitive nature, including information such as the following:

  • racial or ethnic origin
  • membership of a professional association
  • criminal record
  • sexuality
  • religious beliefs or affiliations
  • health information about an individual.

Generally ‘sensitive information’ has a higher level of privacy protection than other personal information.  The agency collects some sensitive information in the performance of its functions, for example it collects health information, for the purpose of responding to an asbestos safety query or for the purpose of including an individual’s details on the National Asbestos Exposure Register.

If you or another person provides the agency with sensitive information, the agency will only retain the information if:

  • you have consented to the collection of the information and it is reasonably necessary for , or directly related to one of our functions or activities
  • collection of the information is required or authorised by or under Australia law or court/tribunal order
  • where a ‘permitted general situation’ exists (for example, a situation where using the information is necessary to prevent serious threats to life, health or safety of an individual), or
  • collection of the information is authorised for other purposes permitted under the Privacy Act.

 Where more detailed information is needed to explain its privacy practices in relation to specific types of personal information including ‘sensitive information’, the agency develops and provides separate privacy notices to describe how it will handle the personal information that it collects in relevant circumstances. For example, a privacy notice is provided in relation to collecting information for the National Asbestos Exposure Register.


Collecting personal information from third parties

The agency usually collects personal information directly from the individual concerned or another person authorised by that individual. In some cases it will be collected from a third party if authorised or required by law.

Communication - emails and electronic forms

The agency’s servers may record your email address if you send the agency a message online. Your email address will not be added to a mailing list unless you have provided it to the agency in order to subscribe to its subscription database.

Where you choose to send the agency a completed electronic form that includes your personal details, the agency collects personally identifiable information such as name, address and email address.

The information collected by email or electronic forms will be used only for the purpose for which you provided it, and the agency will not disclose it unless one of the circumstances described below under the heading Information Sharing has been satisfied. For those who do not wish to use the internet, the agency provides alternative ways of providing information, for example forms may be printed and lodged by post.

Log information (browsing)

When you use the agency’s online services, its servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your server address, your top level domain name (for example, .com, .gov, .au, .uk, etc), the date and time of visit to the site, the pages accessed and documents viewed, the previous sites visited, the browser type, the browser language, and one or more cookies that may uniquely identify your browser.


A cookie is a small file containing a string of characters to your computer that uniquely identifies your browser. It is information that your web browser sends back to the agency’s website server whenever you visit it again. The agency use cookies to ‘remember’ your browser between page visits. In this situation, the cookie identifies your browser, not you personally. No personal information is stored within the agency’s cookies.

Google Analytics

The agency uses Google Analytics to collect information about visitors to its website. Google Analytics uses first-party cookies and JavaScript code to help analyse how users use the site. It anonymously tracks how visitors interact with this website, including how they have accessed the site (for example from a search engine, a link, an advertisement) and what they did on the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of compiling reports on website activity and providing other services relating to website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on your browser.

Social media

The agency may at times may use social networking services such as Twitter, Facebook, LinkedIn, Instagram and YouTube to communicate with the public about our work.  When you communicate with the agency using these services, it may collect your personal information, but will only use it to help us to communicate with you and the public.  The social networking services will also handle your personal information. The agency has no control or influence over third party privacy policies. Please refer to these specific social networking sites to review their privacy policies.


ASSEA uses third party service providers to run advertising and paid public health campaigns. This technology uses cookies and/or device identifiers to:

  1. track the performance of ads based on visitors’ interaction with ASSEA’s ads; and 
  2. show ASSEA’s ads across sites, applications and devices based on visitors past visits and behaviour on our Website and social media channels (including but not limited to the use of retargeting, contact targeting and lead generation forms). When you visit ASSEA’s Website or social media channels, you may receive future ASEA ads on other sites and applications.

Your personal information is not shared directly with ASSEA, only aggregated reports about the website and application audience (including non-identifying demographic information) and ad performance (which does not identify you personally) is received by ASSEA.

You can opt-out of ASSEA’s advertising to you by setting your browser to refuse all or some browser cookies, or by adjusting your mobile device settings. If you have concerns, you can contact our Privacy Officer.


Access and alteration of records containing personal information

You have a right under the Privacy Act to access personal information we hold about you. You also have a right under the Privacy Act to request corrections of any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. To access or seek correction of personal information we hold about you, please contact us using the contact details set out below. If you request access to or correction of your personal information, we will respond to you within 30 calendar days.

While the Privacy Act requires that we give you access to your personal information upon request or an opportunity to request the correction of your personal information, it does set out circumstances in which we may refuse to give you access or decline to correct your personal information. If we refuse to give you access or make corrections to your personal information, we will provide you with a written notice which, among other things, gives our reasons for refusing your request. It is also possible to access and correct documents held by us under the Freedom of Information Act 1982.


If you are dissatisfied with our response, you may make a complaint, either directly to us (see below), or you may wish to contact:


Information sharing

The agency only discloses personal information to third parties in the following circumstances:

  • where you are reasonably likely to have been aware, or made aware by way of a privacy notice, that your personal information is usually passed to the relevant parties
  • where you have consented to the disclosure of your personal information
  • where we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to your life or health or that of another person
  • where the disclosure is required or authorised by or under law
  • where the disclosure is reasonably necessary for the enforcement of criminal law or a law imposing a pecuniary penalty, or for the protection of public revenue.


Information security and data integrity

The agency takes all reasonable steps to

  • protect the personal information that we hold from misuse, interference, loss, unauthorised access, modification or disclosure by using a number of protective measures including password protection for accessing our IT systems, tracking access to our IT systems, locked filing cabinets for any paper documents and physical access restrictions to our offices;
  • make sure personal information we collect and store is accurate, relevant, up-to-date, complete and not misleading; and
  • ensure that, where it has given personal information to a contractor (that carries out a service for the agency), the contractor complies with the Information Privacy Principles in the Privacy Act.

When no longer required, personal information is destroyed or deleted in a secure manner or transferred to the National Archives of Australia (NAA) in accordance with our obligations under the Archives Act 1983.


Changes to this policy

Please note that this policy will be regularly reviewed and will be updated when our information handling practices change.


Privacy Impact Assessment (PIA) Register

The Privacy (Australian Government Agencies – Governance) APP Code 2017 requires all agencies, including the Asbestos Safety and Eradication Agency, to:

  • conduct a PIA for all high privacy risk projects
  • publish and maintain a register of PIAs – the Privacy Impact Assessment Register.

High privacy risk projects

A high privacy risk project is a project with new or changed ways of handling personal information, which may significantly impact peoples’ privacy.

List of PIAs

We do not have any PIAs to report.

Supporting Information 

Office of the Australian Information Commissioner

This Privacy Impact Assessment Register was last updated on 9 May 2024.



If you think we have breached your privacy, you may contact us to make a complaint using the contact details set out below. In order to ensure that we fully understand the nature of your complaint and the outcome you are seeking, we prefer that you make your complaint in writing.

Please be aware that it may be difficult to properly investigate or respond to your complaint if you provide insufficient detail. You may submit an anonymous complaint. However, if you do it may not be possible for us to provide a response to you.

We are committed to quick and fair resolution of complaints and will ensure your complaint is taken seriously and investigated appropriately. Please be assured that you will not be victimised or suffer negative treatment if you make a complaint.

If you are not satisfied with the way we have handled your complaint in the first instance, you may contact the Office of the Australian Information Commissioner to refer your complaint for further investigation. Please note that the Information Commissioner may not investigate if you have not first brought your complaint to our attention.

Office of the Australian Information Commissioner

GPO Box 5218
Sydney NSW 2001

Telephone: 1300 363 992



If you have any questions about privacy or if you wish to access or amend your personal information under the Privacy Act you can write to:

The Privacy Officer

Asbestos and Silica Safety and Eradication Agency

GPO Box 9880

Sydney  NSW  2001